need session expert help!

hiberphoptik

we moved from a winNT box to Linux, and now we have strange issues with our sessions

they were not clearing and we would quickly have 10,000+ session files in /tmp (nightly cron job takes care of that now)
this one is HUGE and has us all stumped... when users log into the website they are randomly showing up as someone they are not for example:

i sign is as shafen and the system will say "hello you are signed in as aharris"

this value comes from the session, so WHY is it randomly pulling aharris for people, its always aharris

any suggestions? or have i stumped the entire php community with this one 🙂

ajmoore

Have you looked at the sessions area in your php.ini file? I had some similar problems and it turned out to be related to the garbage collection routine....Take a look at this page .... May help with deciding how your configuration should look.

hiberphoptik

We thought that too and nothing we do to the session area of php.ini seems to resolve the isssue, here are the session settings we are using:

session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =/
session.serialize_handler = php
session.gc_probability = 50
session.gc_maxlifetime = 3600
session.referer_check =
session.entropy_length = 0
session.entropy_file = /dev/urandom
session.entropy_length = 16
session.cache_limiter = nocache
session.cache_expire = 480
session.use_trans_sid = 1

this is really kicken our butts please let me know if anything on here stands out.

more info from test script i ran with someone who was aharris:

uid (from session var) is aharris

auth cookie is llangman

session cookie path is - /
session cookie domain is -
session cookie secure is -
session cookie lifetime is - 0

then when they close all browser windows and log in again they are not aharris anymore (untill next time this happens)