499 posts
  • Affiliate Level 1
  • Author Level 3
  • Collector Level 2
  • Canada
+2 more

Could the temp directory where your sessions are being created be full (on the server)?

Do you have access to the php logs or anything like that?

And have you had problems on this server before?

Have you tried passing the session id yet? http://www.php.net/manual/en/session.idpassing.php

4335 posts
  • 8 Years of Membership
  • Affiliate Level 1
  • Author Level 3
  • Beta Tester
+11 more
Sorry for the double post.. The problem has returned, and now the Session remains empty at all times! The worst part is, I changed nothing at all. I guess I might have to rely on cookies instead – or does anyone have any other suggestions regarding the cause?

Firstly, you tried my idea? :P

Secondly, not sure what it is that you are trying to do, but would local client side js storage cut it? :)

3875 posts Community Moderator
  • Weekly Top Seller
  • Envato Tuts+ Instructor
  • Netherlands
  • 8 Years of Membership
+9 more
Firstly, you tried my idea? :P Secondly, not sure what it is that you are trying to do, but would local client side js storage cut it? :)

I tried it, to no avail :( I’m unsure as to what you mean with local client side js storage, but I’ll look in to it, purely out of curiousity :)


I think the tempdirectory might indeed be the case, but you’d think it would clean up after a short while.. Either way, I have no access to that directory and have indeed always had these problems on this server, but they seemed to come and go randomly :o

Clientsided cookies sufficy now, I’ve implemented them, and as they arn’t protection anything vunerable, I guess they’ll last perfectly fine for the job. Thanks for the suggestions guys! I’ll stop digging up this thread now ;)

5441 posts
  • Copyright Ninja
  • Helpful Hacker
  • Power Elite Author
  • Author Level 12
+22 more

Give this a shot:

create a new “temp” directory in your website root directory. We’ll tell php to use this new folder to save session information in. This way if your shared hosting session folder has filled up, you will still have room left for your own sessions (unless you hit any limits on your own hosting account).

ini_set("session.save_handler", "files");
session_save_path (getcwd() . "/temp/");

Then just use sessions as normal, remove any old fancy tricks like session_write_close().

Once its working you can remove those first two error reporting lines.

(update: even putting those two error reporting lines in your current setup may show an error like “unable to write session data” or something)

17 posts
  • Weekly Top Seller
  • Author Level 4
  • Collector Level 4
  • Affiliate Level 2
+3 more

The most secure way is to create a fake session system. Store a cookie with a long, random string as the session key, then store any session data in a serialized array in a database. Just fetch the array and unserialize it. You can do more advanced things like store the user IP and browser string along with the serialized array and do a check when looking in the database so the session can not be hijacked.

A system like this is easily done, even with the more advanced options added should be less than 50 lines of code.