admin session expires on every click

[oloccina]

Hello,
I just installed 2.7.3 version,
I had no problem during the installation, but
then I noticed that when I was accessing the admin area and cliking any link I was automatically logged-out

The session expiry time is not displaied, I see this message:
Your session will expire in Loading...

Do you know what could be causing this issue?
Maybe some server configurations? because I am trying to install ona VPS server, in the old shared server I had not this kind of problem
I tried to uninstall everything, clean up database and install again, but I'm having the same issue.

Regards,
Nic

[Thorsten]

Hi,

looks like a session issue on your server, is the /tmp folder writable for PHP?

bye
Thorsten

[oloccina]

Hello,
this error disappeared automatically for some months,
then this morning I again have the described issue

I just upgraded to 2.7.7 but this did not solve the issue

I do not see the /tmp folder in the main folders list

phpmyfaq_folders.png

Regards,
Nic

[Thorsten]

Hi,

it's the global /tmp folder on your server!

bye
Thorsten

[oloccina]

permissions of my server tmp folder are

-rwxrwxrwt

tmp_folder.png

but I'm not sure if they shuld be like this...

[Thorsten]

Hi,

you don't need execute permissions, just read and write.

bye
Thorsten

[oloccina]

Hi,

you don't need execute permissions, just read and write.

bye
Thorsten

but even with execute permissions there should be no issue isn't it?
Because with permissions as I posted I am still having the problem

[Thorsten]

Hi,

do you see any files in /tmp like sess_?

bye
Thorsten

[oloccina]

I see just these files:

tmp_files.png

[Thorsten]

Hi,

how does your PHP Session config in your php.ini file looks like?

bye
Thorsten

[oloccina]

It is like this:

[Session]
; Handler used to store/retrieve data.
; http://www.php.net/manual/en/session.co ... ve-handler
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://www.php.net/manual/en/session.co ... .save-path
session.save_path = "/var/lib/php/session"

; Whether to use cookies.
; http://www.php.net/manual/en/session.co ... se-cookies
session.use_cookies = 1

; http://www.php.net/manual/en/session.co ... kie-secure
;session.cookie_secure =

; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combatting
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://www.php.net/manual/en/session.co ... ly-cookies
session.use_only_cookies = 1

; Name of the session (used as cookie name).
; http://www.php.net/manual/en/session.co ... ssion.name
session.name = PHPSESSID

; Initialize session on request startup.
; http://www.php.net/manual/en/session.co ... auto-start
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://www.php.net/manual/en/session.co ... e-lifetime
session.cookie_lifetime = 0

; The path for which the cookie is valid.
; http://www.php.net/manual/en/session.co ... ookie-path
session.cookie_path = /

; The domain for which the cookie is valid.
; http://www.php.net/manual/en/session.co ... kie-domain
session.cookie_domain =

; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
; http://www.php.net/manual/en/session.co ... e-httponly
session.cookie_httponly =

; Handler used to serialize data. php is the standard serializer of PHP.
; http://www.php.net/manual/en/session.co ... ze-handler
session.serialize_handler = php

; Defines the probability that the 'garbage collection' process is started
; on every session initialization. The probability is calculated by using
; gc_probability/gc_divisor. Where session.gc_probability is the numerator
; and gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request.
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://www.php.net/manual/en/session.co ... robability
session.gc_probability = 1

; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://www.php.net/manual/en/session.co ... gc-divisor
session.gc_divisor = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://www.php.net/manual/en/session.co ... axlifetime
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, even when register_globals
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's
; recommended that you do not use this feature on production servers. But you
; should enable this on development servers and enable the warning as well. If you
; do not enable the feature on development servers, you won't be warned when it's
; used and debugging errors caused by this can be difficult to track down.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://www.php.net/manual/en/session.co ... -compat-42
session.bug_compat_42 = Off

; This setting controls whether or not you are warned by PHP when initializing a
; session value into the global space. session.bug_compat_42 must be enabled before
; these warnings can be issued by PHP. See the directive above for more information.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://www.php.net/manual/en/session.co ... ompat-warn
session.bug_compat_warn = Off

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
; http://www.php.net/manual/en/session.co ... erer-check
session.referer_check =

; How many bytes to read from the file.
; http://www.php.net/manual/en/session.co ... opy-length
session.entropy_length = 0

; Specified here to create the session id.
; http://www.php.net/manual/en/session.co ... tropy-file
;session.entropy_file = /dev/urandom
session.entropy_file =

; http://www.php.net/manual/en/session.co ... opy-length
;session.entropy_length = 16

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://www.php.net/manual/en/session.co ... he-limiter
session.cache_limiter = nocache

; Document expires after n minutes.
; http://www.php.net/manual/en/session.co ... che-expire
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publically accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
; http://www.php.net/manual/en/session.co ... -trans-sid
session.use_trans_sid = 0

; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; http://www.php.net/manual/en/session.co ... h-function
session.hash_function = 0

; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; http://www.php.net/manual/en/session.co ... -character
session.hash_bits_per_character = 5

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://www.php.net/manual/en/session.co ... riter.tags
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

[Thorsten]

Hi,

your sessions will be stored in

Code: Select all

session.save_path = "/var/lib/php/session"

instead of /tmp. Is /var/lib/php/session writable?

bye
Thorsten

[leandrorius]

I'm having the exact same problem, the session expires on every click.
I believe that must be something with php.ini or apache config, because I didn't install on a clean webserver. But I have no idea what it is...


Here's my Session in "php.ini":

Code: Select all

[Session]
session.save_handler = files
session.save_path = /var/www/php-session
session.use_cookies = 1
session.cookie_secure = 1
session.use_only_cookies = 1
session.name = SIDUNCLO
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain = my.domain.com
session.cookie_httponly = 1
session.serialize_handler = PHP
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check = my.domain.com
session.cache_limiter = nocache
session.cache_expire = 20
session.use_trans_sid = 0
session.hash_function = 1
session.hash_bits_per_character = 5
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

I believe that the permission at "/var/www/php-session" is OK:

Code: Select all

drwxrwx---   2 root     httpd      31744 Jul 17 11:24 /var/www/php-session

And here is my Virtualhost configuration:

Code: Select all

<VirtualHost 192.168.0.1:80>

AddDefaultCharset utf-8

  php_value session.cookie_domain "other.domain.com" # I've tried without this line, but did't help
  php_admin_value sendmail_path "/usr/sbin/sendmail"
  php_value date.timezone "America/Sao_Paulo"

    ServerAdmin johndoe@foo.bar.com
    DocumentRoot /var/www/faq
    ServerName faq.other.domain.com

    DirectoryIndex /index.php

  <Directory "/var/www/faq/">
    Options None
    AllowOverride All
    Order deny,allow
    Allow from all
  </Directory>

</VirtualHost>

Can anyone help, please?

[leandrorius]

Hey! I have solved my problem described in my last post.
Actually, there was something wrong with my "Session" section in php.ini.
Now I'm having another problem: I can't change any configs as admin. I've created a new post for this issue here: http://www.phpmyfaq.de/forum/viewtopic.php?f=3&t=14527

[oloccina]

Hi,

your sessions will be stored in

Code: Select all

session.save_path = "/var/lib/php/session"

instead of /tmp. Is /var/lib/php/session writable?

bye
Thorsten

Heloo,
here is what I see

var_lib_php_session.png