Session problems when APC is turned on

Question

We have a problem with PHP session when APC is enabled on our server.

The app works great without APC. However, since we enabled APC, the sessions seems to be getting mixed up when the server experiences heavy load, i.e. users are randomly logging on as another. Everything reverts back to normal once we disabled APC. We can't seem to find anyone with the same problem, except a related problem with these guys (set-cookie was being cached in MS ASP): http://msdn.microsoft.com/en-us/magazine/cc163577.aspx#S2

Anyone else has similar experience? Can you recommend any suggestions?

PS: We have all our sessions handled by files in php.ini. We are also running apache2.

Answer 1

We're having a similar issue here. APC is only a primary suspect at this point because it's been difficult to reproduce.

We're using Zend Framework w/ session management and the theory is that Zend's code is cached in APC and when the system is under severe load the code is using a previously cached SID instead of the current one.

Our safeguard is to save the session ID inside the session data and compare the values when the session is retrieved. If the IDs are different we destroy the session and exit.