Session issues

foid025

I am having trouble with SESSION variables on my website. It seems I keep getting logged after only a few minutes, and its quite the hassle having to sign back in each time. I've made a .htaccess file editing every single Session variable I could think of - to no avail... Any advice would be appreciated.

php_value session.gc_maxlifetime 40000
php_value session.cache_expire 800
php_value session.cookie_lifetime 40000

Geoffroy

dougal85

Since i can't see anything there thats wrong.

Could it be a problem with your code? Or have you tested it on another server?

how 'bout posting your login/logout code?

foid025

I'm confused about it though because it seems that I can be logged out from any page on the site. Structure wise, users log in through a HTML form, and then a second log in page checks their credentials and sets corresponding SESSION variables. These are used on practically every page on the site. When the SESSION variables are empty, the user is redirected to an error page and requested to sign back in.

Any ideas?

dougal85

Is there any kind of pattern with how long it takes for you to be logged out?

ie. You log in and the first page you go to is fine and the second isnt?

I would guess there is something wrong with your method that checks the user is logged in. as you must be checking the session data on each page.

As i said before, without seeing code its hard to know whats going on. We all know what blackbox testing is, this is like blackbox debugging 😉

foid025

haha thanks dougal. well okay here's some code. this is on a page from which i am frequently 'logged out', though I haven't observed any patterns as to when I get logged out and when I dont.

//check the user's id
	$securityArray = explode(";", $folderUid);
	$allowed = false;
	for($i=0;$i<count($securityArray);$i++)
	{
		if($securityArray[$i] == (int)$_SESSION['uid'])
		{
			$allowed = true;
		}
	}
	if($allowed != true)	//check if user is allowed to view this folder
	{
		?><META HTTP-EQUIV="Refresh" CONTENT="0; URL=errors.php?code=11"><?	//redirect user if he's not
	}
	else
	{
		$uid = $_SESSION['uid'];	
                }

That snippet takes data from a mySQL db to check whether a given user is allowed to access the page. The different allowed users have uids (user id) stored in an array, so that array is broken up and the $_SESSION value is compared to each uid. if a match is found, the user is allowed to continue, otherwise he's kicked out.

Any ideas? Fishy problem... no clue what's wrong

dougal85

I'm drawing up blanks i'm afraid...

Hopefully somebody else will look at this post.

foid025

Okay thanks for your help anyways dougal. Anyone?