I'm using codeigniter for my app

what my problem is session is expiring even though user is active on the site.

These are the session settings.. i'm using DB session

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'edu_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

any solution for this.

help me i have to fix it

here is the codeigniter forum link

I've had issues with CI sessions expiring randomly. Do you have AJAX or dynamic resources loading the session library? If so, imagine this scenario:

I submit an ajax request (which passes in my CI session id with the cookie), and it returns the results, BUT I'm also submitting some other request (loading a dynamic image, another AJAX request, etc.) that immediately follows the first request. The first request might trigger the 300 second "it's time to update" event, and pass back a new cookie, but the additional request is sending the old session id, right?

So, CodeIgniter says "hey you, you can't do that" and creates a new session, invalidating both cookies my browser now doesn't know what to do with.

Here's a forum link I posted a while back that goes into more detail: http://codeigniter.com/forums/viewthread/172415/

As mentioned in the first answer, there is a race condition in the session library which has since been somewhat mitigated in the latest versions of CodeIgniter, including the 'develop' branch. This implements an isAjax check on session rotation, but it doesn't really fix the underlying problem.

are you sure that the session is destroyed? I think that it's just not getting updated as supposed and it creates a new one on every page request. (common Codeigniter's setting issue)

here's my suggestions:

double check your Application/Config/config.php file to ensure that the part of session domain looks like that if you host the site on the main directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "var/sessions/";
$config['cookie_secure']    = FALSE;

and like that if you host the site on a sub-directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "siteSubDirectory/var/sessions/";
$config['cookie_secure']    = FALSE;

and also make sure that the 2 directories are writable by fixing their permissions to 755 or so, and I strongly recommend that you enable database session, it's more secure and will help you find out the real problem by checking the session table. good luck :)

I will add a workaround for this issue. if an ajax call is made then do not update the session extend the session class by adding this file to the libraries folder:

    class MY_Session extends CI_Session {

    // --------------------------------------------------------------------

    /**
     * sess_update()
     *
     * @access    public
     * @return    void
     */
    public function sess_update()
    {
        $CI =& get_instance();

        if ( ! $CI->input->is_ajax_request())
        {
            parent::sess_update();
        }
    }

}

Just change ci_sessions table encode to MyISAM: ALTER TABLEci_sessionsENGINE = MyISAM;