I'm taking another stab at a problem that's plagued me for years. I use sessions for logged-in users, as one does. For new users I create a new db entry and then retrieve the newly-created UserID key, and for existing ones I retrieve that key from the table. In either case I catch if the read/write errors so I know I have $UserID set by the time I get to the next code section. Which is simply this:
```php
if (!isset($_SESSION)) {
    session_start();
}
$_SESSION['User'] = $UserID;
/* Proceed to next page */
```
When I go to that next page, the first thing I do is:
```php
if (! isset($_SESSION)) session_start();
if (! isset($_SESSION['UserID'])) kickoutTo("SessionCheck.php");
```
And what drives me nuts is that maybe 1% of the time, I get that redirect. (SessionCheck.php is a page I made specifically for this problem, to gather feedback from these unlucky users.)
Now I can only imagine two reasons a session wouldn't be created:
- They don't accept cookies.
- A write issue on the drive won't create the temp file.
So my catch page writes a test cookie and then reads it on a follow-up page. The vast majority have no problem accepting them. (And the ones that do are informed as such.) So I don't think the issue is the acceptance of cookies. (Unless browsers have some way of only rejecting sessionid ones? I don't know, just spitballing.)
And for the second issue, if the drive couldn't write I'm sure it would cause a bunch of problems for everyone at once. I've had this happen a time or two over the years when a backup process goes awry; I just yell at my hosts and it's resolved.
So I can't explain why most people have no problem but just a few do. For example, I've logged into my own site many thousands of times and never experienced it. But I get hundreds of logs from people who do. They're all using different browsers and different OS. They're on IPs from all over the world. It can happen 1 at a time or in clumps. Most of the errors come from new users, but not always.
Here are my session settings from phpinfo:

| Session Support | enabled |
| --- | --- |
| Registered save handlers | files user sqlite |
| Registered serializer handlers | php php_binary |

| Directive | Local Value | Master Value |
| --- | --- | --- |
| session.auto_start | Off | Off |
| session.bug_compat_42 | On | On |
| session.bug_compat_warn | On | On |
| session.cache_expire | 180 | 180 |
| session.cache_limiter | nocache | nocache |
| session.cookie_domain | no value | no value |
| session.cookie_httponly | Off | Off |
| session.cookie_lifetime | 0 | 0 |
| session.cookie_path | / | / |
| session.cookie_secure | Off | Off |
| session.entropy_file | no value | no value |
| session.entropy_length | 0 | 0 |
| session.gc_divisor | 10000 | 10000 |
| session.gc_maxlifetime | 18000 | 18000 |
| session.gc_probability | 1 | 1 |
| session.hash_bits_per_character | 4 | 4 |
| session.hash_function | 0 | 0 |
| session.name | PHPSESSID | PHPSESSID |
| session.referer_check | no value | no value |
| session.save_handler | files | files |
| session.save_path | /tmp | /tmp |
| session.serialize_handler | php | php |
| session.use_cookies | On | On |
| session.use_only_cookies | On | On |
| session.use_trans_sid | 0 | 0 |

What could be doing this? Where do I look? What can I test for? It's been happening for years and during that time I've even changed servers within the same host company. Many thanks with this puzzle.
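
One way to tell the two hypotheses in the question apart (cookie not returned versus session data not on disk), as an added example that is not part of the original post: the landing page records what the browser sent and what the save path held before `session_start()` runs. `diagnoseMissingSession()` is a hypothetical helper name; the code assumes the `files` save handler and `/tmp` save path shown in the phpinfo output, where session data lives in `sess_<id>` files.

```php
<?php
// Added example, not the poster's code. Avoids PHP 5.4+ syntax for older installs.
// Call it in place of the bare session_start() on the landing page.
function diagnoseMissingSession($key)
{
    $name   = session_name();                        // PHPSESSID in this setup
    $sentId = isset($_COOKIE[$name]) ? $_COOKIE[$name] : null;
    // session.save_path may be "N;MODE;/dir"; keep the directory part.
    $parts = explode(';', session_save_path());
    $dir   = end($parts);
    if ($dir === '') {
        $dir = sys_get_temp_dir();
    }
    // Inspect the data file BEFORE session_start(), which creates it if absent.
    // The ID is checked first so a hostile cookie value cannot steer the path.
    $file = null;
    if ($sentId !== null && preg_match('/^[A-Za-z0-9,-]+$/', $sentId)) {
        $file = $dir . '/sess_' . $sentId;
    }
    $existed = $file !== null && file_exists($file);
    $size    = $existed ? filesize($file) : 0;

    if (session_id() === '') {
        session_start();
    }

    if ($sentId === null)            { $reason = 'no-cookie'; }     // browser sent no session cookie
    elseif ($file === null)          { $reason = 'malformed-id'; }
    elseif (!$existed)               { $reason = 'file-missing'; }  // browser has an ID, no data on this server
    elseif ($size === 0)             { $reason = 'file-empty'; }    // session started, nothing stored
    elseif (!isset($_SESSION[$key])) { $reason = 'key-missing'; }   // data stored under other keys
    else                             { $reason = 'ok'; }

    return array(
        'reason'   => $reason,
        'id_hash'  => $sentId === null ? null : substr(sha1($sentId), 0, 12), // never log raw IDs
        'keys'     => array_keys($_SESSION),
        'writable' => is_writable($dir),
        'https'    => !empty($_SERVER['HTTPS']),
        // cookie_domain is unset, so the cookie is host-only: a host change loses it.
        'host'     => isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '',
    );
}

$diag = diagnoseMissingSession('UserID');
if ($diag['reason'] !== 'ok') {
    error_log('session-check ' . json_encode($diag));
}
```

The `keys` field lists what the stored session actually contains, which matters here because the posted code writes `$_SESSION['User']` but the next page tests `$_SESSION['UserID']`.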