499 posts
  • Canada
  • Exclusive Author
  • Sold between 1 000 and 5 000 dollars
  • Has been a member for 5-6 years
  • Bought between 10 and 49 items
  • Referred between 1 and 9 users
TutelageSystems says

Could the temp directory where your sessions are being created be full (on the server)?

Do you have access to the php logs or anything like that?

And have you had problems on this server before?

Have you tried passing the session id yet? http://www.php.net/manual/en/session.idpassing.php

4335 posts
  • Beta Tester
  • Bought between 10 and 49 items
  • Community Moderator
  • Contributed a Blog Post
  • Contributed a Tutorial to a Tuts+ Site
  • Exclusive Author
  • Grew a moustache for the Envato Movember competition
+6 more
Reaper-Media Volunteer moderator says
Sorry for the double post.. The problem has returned, and now the Session remains empty at all times! The worst part is, I changed nothing at all. I guess I might have to rely on cookies instead – or does anyone have any other suggestions regarding the cause?

Firstly, you tried my idea? :P

Secondly, not sure what it is that you are trying to do, but would local client side js storage cut it? :)

3671 posts Community Moderator
  • Has been a member for 5-6 years
  • Contributed a Tutorial to a Tuts+ Site
  • Netherlands
  • Community Moderator
  • Envato Studio (Microlancer) Beta Tester
  • Sold between 10 000 and 50 000 dollars
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
  • Exclusive Author
+4 more
Joost Volunteer moderator says
Firstly, you tried my idea? :P Secondly, not sure what it is that you are trying to do, but would local client side js storage cut it? :)

I tried it, to no avail :( I’m unsure as to what you mean with local client side js storage, but I’ll look in to it, purely out of curiousity :)

@TutelageSystems

I think the tempdirectory might indeed be the case, but you’d think it would clean up after a short while.. Either way, I have no access to that directory and have indeed always had these problems on this server, but they seemed to come and go randomly :o

Clientsided cookies sufficy now, I’ve implemented them, and as they arn’t protection anything vunerable, I guess they’ll last perfectly fine for the job. Thanks for the suggestions guys! I’ll stop digging up this thread now ;)

2954 posts
  • Australia
  • Community Moderator
  • Elite Author
  • Author had a Free File of the Month
  • Most Wanted Bounty Winner
  • Author had a File in an Envato Bundle
  • Has been a member for 5-6 years
  • Contributed a Blog Post
  • Repeatedly Helped protect Envato Marketplaces against copyright violations
+10 more
dtbaker Volunteer moderator says

Give this a shot:

create a new “temp” directory in your website root directory. We’ll tell php to use this new folder to save session information in. This way if your shared hosting session folder has filled up, you will still have room left for your own sessions (unless you hit any limits on your own hosting account).

ini_set("display_errors",true);
ini_set("error_reporting",E_ALL);
ini_set("session.save_handler", "files");
session_save_path (getcwd() . "/temp/");
session_start();

Then just use sessions as normal, remove any old fancy tricks like session_write_close().

Once its working you can remove those first two error reporting lines.

(update: even putting those two error reporting lines in your current setup may show an error like “unable to write session data” or something)

17 posts
  • Sold between 5 000 and 10 000 dollars
  • United States
  • Exclusive Author
  • Has been a member for 5-6 years
  • Bought between 100 and 499 items
  • Referred between 10 and 49 users
benphelps says

The most secure way is to create a fake session system. Store a cookie with a long, random string as the session key, then store any session data in a serialized array in a database. Just fetch the array and unserialize it. You can do more advanced things like store the user IP and browser string along with the serialized array and do a check when looking in the database so the session can not be hijacked.

A system like this is easily done, even with the more advanced options added should be less than 50 lines of code.

by
by
by
by
by
by