Inc session.cache_expire. You have only 3 minutes. This means browser will drop cookie containing session id in three minutes, or even less, of clients inactivity. I prefer to set expire-time to zero. So, browser will never forget session id. In other case, if security requires, i usually set it to 24 hours, to avoid some mystic problems, in case of misconfigured servers and/or clients TZ; they are rare.
2010/11/4, Paul Waring <p...@xk7.net>: > I'm having trouble with a PHP site whereby some users are being logged > out on a regular basis. This will usually happen after they have been > using the site for a few minutes, they can login without any problems > and access a few pages, but then suddenly they will request a page and > be sent to the login form, which suggests that their session no longer > exists. However, this doesn't affect all users - I can login and use the > application without any problems, as can some other users. > > According to phpinfo(), the following session values are set (all are > what I'd expect - either the default or something I've deliberately > changed): > > session.auto_start = Off > session.bug_compat_42 = On > session.bug_compat_warn = On > session.cache_expire = 180 > session.cache_limiter = nocache > session.cookie_domain = no value > session.cookie_httponly = Off > session.cookie_lifetime = 0 > session.cookie_path = / > session.cookie_secure = Off > session.entropy_file = no value > session.entropy_length = 0 > session.gc_divisor = 100 > session.gc_maxlifetime = 1440 > session.gc_probability = 1 > session.hash_bits_per_character = 4 > session.hash_function = 0 > session.name = PHPSESSID > session.referer_check = no value > session.save_handler = files > session.save_path = /shared/sessions > session.serialize_handler = php > session.use_cookies = On > session.use_only_cookies = Off > session.use_trans_sid = 0 > > I've tried checking a few obvious things: > > * IP addresses - the site doesn't use the IP address as part of the > authentication process, and almost all our users (including the ones > experiencing problems) have static IP addresses anyway. > > * Number of sessions - there are between 40-60 session files on disk at > any one time, so I doubt there's a "maximum number of session files" > limit being broken, if such a configuration option exists. > > * Permissions - the web server user (www-data) has read/write > permissions to the directory where the sessions are stored and all the > files within it, and they are all owned by this user. > > Is there anything else obvious which could be causing the problem? This > seemed to occur when we moved hosts, and I haven't changed the site's > session handling code for some time, so I suspect it might be a > configuration issue but can't figure out what. > > Thanks, > > Paul > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php