Session destroyed out of nowhere in PHP

Asked 22/1, 2016 at 10:50 Answered 6/4, 2020 at 12:2

I am experiencing issue with a session being destroyed out of nowhere:

session_start(): Failed to decode session object. Session has been destroyed.

Kind of impossible to replicate the issue since I got this thrown in my server log.

Any ideas what could be the roots of that problem and/or where to start because I am getting that very rare (almost never).

Mudskipper answered 22/1, 2016 at 10:50 Comment(5)

Please check this link:-#8550257 – Discard 22/1, 2016 at 11:4

Same issue here right now. We save the session in the DB. It appeared after i changed a custom created PDO-Object against one from Eloquent/Capsule. Still no idea, what is the difference between the two PDO-Objects. – Fulvia 24/1, 2017 at 16:0

This issue popped up in my application when handling unicode. Custom session handler writes improperly to the database and is unable to retrieve it back. – Farrington 23/2, 2017 at 14:48

just check if using db storage for session check the column's data type and length – Cargill 13/9, 2017 at 1:0

If this problem occurs with certain Unicode characters and the session stored in a database, make sure the data is really stored in binary form, not as character data. If you cannot change the column type, base64 encoding/decoding may help. PHP issue #71088 may be relevant for PostgreSQL users. – Connieconniption 30/1, 2018 at 14:19

This happened to me when I was storing too much in $_SESSION where they were saved using serialize() in a table. Solution: don't store too much.

Groin answered 11/7, 2017 at 1:42 Comment(0)

I had this problem as well and I discovered the problem was when someone posted an emoji. My current server set up couldn't handle these four bytes symbols, resulting "Failed to decode session object. Session has been destroyed".

What I did was to update to character set utf8mb4 with the collation utf8mb4_unicode_ci.

In order for this to work you need to make this change to your database, the database tables and the table columns. Also, in your application code, set the connection character set to utf8mb4.

This guide might help >

Waldman answered 21/3, 2018 at 20:48 Comment(2)

I had a similar problem, I accidentally had a data file of product names with some 'space' characters actually being a c2a0 sequence ('no break space'), this string was being saved into $_SESSION somewhere, and my Zen Cart setup is configured to store sessions in the database. SHOW FULL COLUMNS FROM zen_sessions; shows the collation_name of the value column is null, so I guess it takes its character set from the database, and show variables like "character_set_database"; shows that is latin1. In my case I fixed the problem by removing the dodgy space characters from the data file. – Turbellarian 10/4, 2019 at 9:22

Finally! An answer that helped me. Thanks! – Alyce 31/7, 2022 at 14:16

So I experienced this after migrating from Lighttpd webserver, PHP 5.6 to Nginx webserver, PHP 7.2, and at first it seamed so random, however, I was able to notice that this issue is user specific, where some of the users where able to login normally, but the server was not able to provide data from the session, so I checked read function in the custom session class and checked what data it was trying to serialize() and return, by using unset() I removed anything that I thought was not useful for the application to run before serialize() and return, and that seams to have solved the problem.

So the problem is either one or both:

too much data as @Luke Wenke suggested
data that cannot be handled as @Carl suggested

for more on the read function: https://www.php.net/manual/en/function.session-set-save-handler.php

Vera answered 6/4, 2020 at 12:2 Comment(0)

Just in case the other answers didn't help you... This happened to me too recently, during development. In my environment, I was saving my sessions in a PostgreSQL DB using a sessions object. I used an object (a custom type) to set a session variable which caused the error. I was doing this

$username = new Name($httpRequest->username);
$_SESSION['username'] = $username;

Turned out it was because I was setting the session variable using a custom data type. I type-cast it to a primitive (string) by doing the following and the error went away.

$_SESSION['username'] = (string)$username;

Tragedienne answered 3/3, 2020 at 12:57 Comment(0)

Recommended topics

Hot tags