PHP Sessions Expiring Unexpectedly


I'm at a loss here. I've got a specific group of users upstairs whose sessions seem to expire completely randomly. It's not just when they leave the site sitting for a while, it can expire while they're browsing around. For me and most of our users everything works just fine. It's not a browser issue, we've got people in FF and all IE versions that both function correctly, and people in FF and IE that don't work.

My gc_maxlifetime is at 43200 and the garbage collection is a crazy low 1/1000 (not that that should matter). Is it possible there's something else running on the server that's randomly deleting some of our sessions? What should I check? That still wouldn't explain why only this specific group seems to be affected.

I have a few Session settings that are different from the default:

session.gc_maxlifetime = 43200
session.gc_divisor = 1000
session.save_path = /var/lib/php/session
session.use_only_cookies = Off
session.bug_compat_42 = Off

The first three I'm not worried about, but could the last two be causing this behavior? I don't actually ever send cookies through the URL, so I have no good reason for having use_only_cookies off. I have no guarantees that the misfits who made this app before I got here didn't exploit the bug_compat_42 thing to set session variables, but again, I would expect an issue with that to be less random.


On further investigation, I've found that the Session is not being destroyed at all, but the end-user is getting a new session ID. The old session still exists intact on the server, but a new one is randomly started while they're browsing.

Best Solution

The issue here turns out to be that their browser was setting the session cookie to expire prematurely. I've solved the issue with this dirty, dirty hack that you should never have to use, ever. I'm not proud of this, but if this shines some light on anything feel free to let me in:

if (!headers_sent()) {
    if ($_COOKIE["PHPSESSID"] != "") {
        setcookie("PHPSESSID", $_COOKIE["PHPSESSID"], time()+43200, "/", "");