I'm at a loss here. I've got a specific group of users upstairs whose sessions seem to expire completely randomly. It's not just when they leave the site sitting for a while, it can expire while they're browsing around. For me and most of our users everything works just fine. It's not a browser issue, we've got people in FF and all IE versions that both function correctly, and people in FF and IE that don't work.
gc_maxlifetime is at
43200 and the garbage collection is a crazy low
1/1000 (not that that should matter). Is it possible there's something else running on the server that's randomly deleting some of our sessions? What should I check? That still wouldn't explain why only this specific group seems to be affected.
I have a few Session settings that are different from the default:
session.gc_maxlifetime = 43200 session.gc_divisor = 1000 session.save_path = /var/lib/php/session session.use_only_cookies = Off session.bug_compat_42 = Off
The first three I'm not worried about, but could the last two be causing this behavior? I don't actually ever send cookies through the URL, so I have no good reason for having use_only_cookies off. I have no guarantees that the misfits who made this app before I got here didn't exploit the
bug_compat_42 thing to set session variables, but again, I would expect an issue with that to be less random.
On further investigation, I've found that the Session is not being destroyed at all, but the end-user is getting a new session ID. The old session still exists intact on the server, but a new one is randomly started while they're browsing.