
Zend Session destroyed if page requested too quick

My application is not built on the MVC pattern, but it partially uses Zend Framework components like Config, Loader, Session, Auth, Service and XmlRpc.

Recently I have discovered that on some occasions, if a user navigates through pages too fast or presses F5 too quickly, his session is destroyed and he is logged out of the system. There is a similar question, but its solution did not help me to solve this issue.

How the application works

Session Config:

cookie_domain = ".mydomain.com"
name = "myApplicationName"
remember_me_seconds = 864000
save_path = "/path/to/my/session/storage/"
save_handler = "files"
strict = true
use_only_cookies = true

On page initialisation:

$config = new Zend_Config_Ini(CONFIG_DIR . 'session.ini');

Zend_Session::setOptions($config->toArray());

Zend_Session::start();

Account Controller:

function __construct(...)
{
    /**
     * @var $session Zend_Session_Namespace
     */
    $session = Zend_Registry::get('Zend_Auth');

    if(isset($session->identity))
    {
        Zend_Session::rememberMe();
    }
}

Log out process:

if(isset($_GET['logout']))
{
    Zend_Session::destroy(TRUE);
}

Has anyone else experienced this issue, and does anyone have some clues what can be wrong and how to fix it?

Update

I have disabled Zend_Session::rememberMe() and everything seems to work fine now. As I understand it, on every request this method refreshes the session_id and renames the session file, and due to a read/write performance issue it cannot find the newly created session, and because of that the session handler is lost.
Just wondering, would changing the session storage to a database fix this issue?

Nazariy asked Nov 03 '22 18:11


1 Answer

I encountered this problem before with raw PHP. The problem was that session_regenerate_id() was being called too frequently (every HTTP request).

Check to see if something (whether the Zend framework or some other code) is regenerating your session ID. You might be running into an HTTP race condition where the ID it gets is not as new as the one PHP expects.

Scott Arciszewski answered Nov 08 '22 07:11
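
One way to apply the answer's advice, as an added example that is not code from the question or the answer: rotate the session ID on a timer rather than on every request, so rapid reloads and parallel requests keep presenting the same ID. `REGEN_INTERVAL`, the `_regenerated_at` key and `regenerate_if_due()` are assumed names, and the timestamps in the demo are constructed.

```php
<?php
// Added example, not from the question or answer. REGEN_INTERVAL, the
// '_regenerated_at' key and regenerate_if_due() are assumed names.

const REGEN_INTERVAL = 300; // seconds between rotations (assumed value)

/**
 * Rotate the session ID only when the last rotation is older than $interval.
 * $rotate is injected so the decision logic runs without a live session.
 * Returns true when a rotation happened.
 */
function regenerate_if_due(array &$session, int $now, callable $rotate,
                           int $interval = REGEN_INTERVAL): bool
{
    if (!isset($session['_regenerated_at'])) {
        // First sighting of this session: start the clock, keep the ID.
        $session['_regenerated_at'] = $now;
        return false;
    }
    if ($now - $session['_regenerated_at'] < $interval) {
        // Rotated recently: a burst of requests keeps sharing one ID.
        return false;
    }
    $session['_regenerated_at'] = $now;
    $rotate();
    return true;
}

// In a real request, after the session has started:
//   regenerate_if_due($_SESSION, time(), function () {
//       // false keeps the old session data, so a request already in
//       // flight with the previous ID still finds it; the stale data
//       // is left to session garbage collection.
//       session_regenerate_id(false);
//   });

// Constructed demo: five requests inside two seconds (an F5 burst),
// then one request six minutes later.
$session = [];
$rotations = 0;
$countRotation = function () use (&$rotations) { $rotations++; };
foreach ([1000, 1000, 1001, 1001, 1002, 1360] as $t) {
    $rotated = regenerate_if_due($session, $t, $countRotation);
    printf("t=%d rotated=%s\n", $t, $rotated ? 'yes' : 'no');
}
printf("total rotations: %d\n", $rotations);
```

A login or other privilege change should still rotate the ID unconditionally, outside this timer.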