php $_SESSION variables disappear and reappear ran

Posted 2019-02-20 03:40

Preface: this is a "development" from an earlier question of mine, whose answers didn't solve my problem in the end. But through trying all the suggestions and also trying other stuff, I discovered that the real problem is something else, so I rephrase my question here.

I have a login page/system which has worked correctly for years, leaving the user logged in until he/she either closes the browser window or logs out manually. But lately after only a few minutes of inactivity the session cookie/s seemed to expire, causing the user to be logged out automatically.

This happens on different browsers and different operating systems, the PHP version is 5.6.29, which has been changed recently (before it was 5.5 and even 5.3).

I create and refresh the session on every page with session_start(). The login script first checks user name and PW and also gets some other user data from the database. These other data and the successful login state are saved in session variables like

$_SESSION['username'] = $name;
$_SESSION['usertype'] = $type;
$_SESSION['login'] = "ok";

On the other pages I check the login state like this:

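session_start();
// isset() avoids undefined-index notices when the session data is missing;
// strict comparison avoids PHP's loose string/number matching.
if (!isset($_SESSION['login'], $_SESSION['usertype'])
    || $_SESSION['login'] !== "ok" || $_SESSION['usertype'] !== "xxx") {
    header("Location: ../login.php"); /* redirects to login page if conditions are not true */
    exit;
}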

The login works, and logged-in users can proceed to other pages for some time, but after some time (varying strongly), he/she seems to be logged out (i.e. redirected to the login page when trying to open another page).

Then I noticed (in the developer tools) that the session ID cookie kept the same value after the session seemed to have expired (which I had thought, since the session variables were gone). But the session didn't expire, only the session variables had disappeared. In my tests I tried echoing some of those variables on some pages, and rather by accident I discovered that after they already had disappeared (no echo output) they reappeared after a few minutes when I reloaded the page or changed to another page.

Now that's where I am stuck at the moment: How can this happen, and especially: What can I do to prevent those variables from playing hide-and-seek?

(BTW, I don't have access to the server settings - this is on a shared webspace...)

2 answers
可以哭但决不认输i
#2 · 2019-02-20 04:03

This is not a solution, just a test for the case I wrote about in the comments. Could you try this?

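<?php
// Diagnostic: each request drops a marker file into a temp directory and then
// lists the files visible to whichever machine served this request.

// The (int) cast keeps the file name numeric; a missing parameter becomes 0.
$number = isset($_GET["number"]) ? (int)$_GET["number"] : 0;
$temp_dir = "/tmp/lbtest123";

if (!is_dir($temp_dir)) {
    // Owner-only mode: /tmp is shared with other accounts on shared hosting.
    if (!mkdir($temp_dir, 0700, true)) {
        die("Can't create directory: $temp_dir");
    }
}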

file_put_contents($temp_dir."/".$number.".txt", "");

echo "<pre>\n";
print_r(glob($temp_dir."/*.txt"));
echo "</pre>";

Copy this to your server. It creates files in the /tmp/lbtest123 folder, using the number passed as a parameter. Then lists the files already created.

Call it with increasing numbers, for the same amount of time you expect the "logout" to happen. Example:

Example result:

Array
(
    [0] => /tmp/lbtest123/1.txt
    [1] => /tmp/lbtest123/2.txt
    [2] => /tmp/lbtest123/3.txt
    [3] => /tmp/lbtest123/4.txt
)

I expect it to show something like these after a while:

Array
(
    [2] => /tmp/lbtest123/4.txt
    [3] => /tmp/lbtest123/5.txt
)

Array
(
    [0] => /tmp/lbtest123/1.txt
    [1] => /tmp/lbtest123/2.txt
    [2] => /tmp/lbtest123/3.txt
    [3] => /tmp/lbtest123/6.txt
)
Summer. ? 凉城
#3 · 2019-02-20 04:17

For anyone who is interested:

Obviously @Crouching Kitten was right - the provider has an architecture with multiple machines behind a load balancer or something similar, and there is nothing I can do about this.

So I took his advice and now save everything that had been session variables before (together with the session id) in a database which I access at the beginning of each page of that website. I also save a timestamp in there, which gets updated with every new query containing the same session ID, so I could set up a cronjob that erases outdated data (older than 90 minutes - but that interval can be anything) every half hour.

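The database-backed storage described in the last answer can also be plugged into PHP's own session mechanism, so `$_SESSION` keeps working unchanged on every node behind the load balancer. The following is an added example, not code from either poster: the `sessions` table, its column names, the `DbSessionHandler` class and the in-memory SQLite demo database are assumptions. It assumes PHP 7.1 or later because of the return type declarations.

```php
<?php
// Added example: PDO-backed session storage, so every web node reads the same data.
// Table name, column names and the 90-minute lifetime are assumptions.
class DbSessionHandler implements SessionHandlerInterface
{
    private $pdo, $ttl;
    public function __construct(PDO $pdo, $ttl = 5400)
    {
        $this->pdo = $pdo;
        $this->ttl = $ttl; // seconds; 5400 = 90 minutes
    }
    // Store only a hash of the ID, so a leaked table cannot be replayed as cookies.
    private function key($id) { return hash('sha256', $id); }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }
    public function read($id): string
    {
        // Expired rows are ignored here, so expiry does not depend on cleanup timing.
        $q = $this->pdo->prepare('SELECT data FROM sessions WHERE id = ? AND last_seen >= ?');
        $q->execute([$this->key($id), time() - $this->ttl]);
        $data = $q->fetchColumn();
        return $data === false ? '' : $data;
    }
    public function write($id, $data): bool
    {
        // REPLACE INTO is accepted by both MySQL and SQLite; it also refreshes the timestamp.
        $q = $this->pdo->prepare('REPLACE INTO sessions (id, data, last_seen) VALUES (?, ?, ?)');
        return $q->execute([$this->key($id), $data, time()]);
    }
    public function destroy($id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$this->key($id)]);
    }
    public function gc($max_lifetime): int
    {
        $q = $this->pdo->prepare('DELETE FROM sessions WHERE last_seen < ?');
        $q->execute([time() - $this->ttl]);
        return $q->rowCount();
    }
}

// Constructed demo: in-memory SQLite stands in for the site's shared database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sessions (id CHAR(64) PRIMARY KEY, data TEXT NOT NULL, last_seen INTEGER NOT NULL)');
session_set_save_handler(new DbSessionHandler($pdo), true);
session_start();
$_SESSION['login'] = 'ok';
session_write_close();
```

In real use, point the PDO DSN at the database that all web nodes share, and call `session_regenerate_id(true)` right after a successful login so a pre-login session ID is never promoted to an authenticated one.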