Session variables get lost...

josec

I am working with PHP 4.x and using sessions to carry user information from one page to the next. I have a common library in which I have a "validate_session()" function to find out if the session timed-out, and other security checks.

After logging in, the user is directed to a "main console" which is a frameset and contains 2 parts. One is a "check" which is refreshed every N seconds, and the second is the menu of the application.

When I load at first the main console of the system, everything works OK, and I can go from one option to the next without problems, but if I refresh the main console (i.e. click on the F5 key using MSIE 6.0) then after some time (not from the beginning) my session variables ($_SESSION) seem to have unset themselves...

I use the session_start() both at the begining of all scripts and at the beginning of the functions that require session info; In my validate_session() function, I have something like:

echo "Script: ".$SERVER["PHP_SELF"];
echo "<br>Cookie: ".$COOKIE["PHPSESSID"]; // the name of my session cookie
echo "<br>Session name: ";
print session_name();
session_start();
echo "<pre>";
print_r($_SESSION);
echo "</pre>";

and when I first load the console, everythhing looks OK, and I can even refresh the console a coupple of times with the same results:

Script: /console_body.php
Cookie: d0d757e0bf99cd673f8065b56ed90ba7
Session name: PHPSESSID
Array
(
[username] => my_user
[password] => my_password
)

but then after some time (20-30 seconds), if I refresh the console, my output is something like:

Script: /console_body.php
Cookie: d0d757e0bf99cd673f8065b56ed90ba7
Session name: PHPSESSID
Array
(
)

and my session variables are unset.

However, if I don't refresh the console, I can go on and on for hours using other options in the application (which also call the validate_session function) with the expected behaviour. The problem only appears if I refresh the console after some 20-30 seconds after logging in.

I checked that the session_start() is called before any requirements of the session, and before the line including the library containing the validate_session() function. Everything is OK.

Any ideas or comments on what could be wrong will be appreciated...

If needed, I could post more code.

Thanks in advance!

josec

Originally posted by josec
However, if I don't refresh the console, I can go on and on for hours using other options in the application (which also call the validate_session function) with the expected behaviour. The problem only appears if I refresh the console after some 20-30 seconds after logging in.

Sorry, that is not necesarily true... If I do some other things, and then refresh the console, it works, but I refresh the console a few times (4-5) then eventualy it fails...

Thanks again 🙂