I have make a workaround for my problem using MySQL for
session storage and not using the PHP generated SIDs, but using
some SID generated with something like this :
$tsid=$_SERVER['HTTP_USER_AGENT'].'|'.$_SERVER['REMOTE_ADDR'].'|';
$tsid=md5(md5($tsid));
session_id($tsid);
session_set_save_handler
("mysession_open","mysession_close","mysession_read","mysession_write","myse
ssion_destroy","mysession_gc");
session_start();
this works just fine, it is more insecure but it works, it also shows that
the
problem is somewhere in PHP generating another SID for the same user
before session's timeout in a randomly manner. I will try to report this in
the PHP bugs database.
Thanks all for help.
Puiu Hrenciuc.
"Puiu Hrenciuc" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> I am a little desperate right now since I have tried to solve this problem
> for 3-4 days now.
> I have developed a site that uses sessions for user authentication and
data
> storage between page access.
> The development server is Apache1.3.24/MySQL4.1.0/PHP4.3.3/Win XP Pro
> The release server is Apache1.3.27/MySQ3.2.25/PHP4.3.1/Linux 2.4.25
>
> The site is working just fine on the development server, but when
uploading
> on release
> server it keeps losing session data and the users are logged out of their
> account in a
> randomly manner. I can't reproduce the behaviour since it is all randomly,
> for eg.
> the session may expire immediately but it can also last 30-40 min. It does
> not expire
> on same page every time. I have tried to see if it is a browser related
> issue so I have loaded
> the page into IE6, NN7, OPERA7 but the problem persisted. Next step I
> thought that it
> could be a process on the release server that deletes files on /tmp so I
> have changed the
> session_save_path to another dir, same problem. Now I have made some
> functions
> and keep the sessions in a MySQL database. It works fine on the
development
> server,
> but... , BUT... , it has the same behaviour on the release server. Using
> MySQL storage
> I have discovered the PHP changes SIDs randomly ( at least so it seems )
so
> the session's
> data is not lost ( the MySQL record is there, and the data field is ok,
all
> variables are there
> kindly waiting to be read by PHP :) ), but new sessions are created for
same
> connection
> so I think this is PHP or Cookies related.
> If you would like to see the phpinfo() snapshots:
> Development server : http://www.pur.ro/devphpinfo.htm
> Release server : http://www.pur.ro/relphpinfo.htm
>
> Can someone please help me, coz' my hair is turning white and I'm too
young
> to die :)
>
> Thanks,
> Puiu Hrenciuc.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
