Zend Framework - session id regenerated, can't stay logged in [duplicate]

Asked 11/5, 2011 at 11:4 Answered 28/6, 2015 at 20:57

I'm trying to store sessions in a database using Zend Sessions however for some reason my sessions die out. Im not sure if there's some code being executed which does this or whether its something else.

I've noticed that the session ID seems to be regenerated after a breif time after having logged in.

This is even despite having added the following line in my htaccess file:

php_value session.auto_start 0

The end result is that I'm logged out every minute I'm logged in.

Heres my code in my bootstrap file

$config = array(
    'name'           => 'session',
    'primary'        => 'id',
    'modifiedColumn' => 'modified',
    'dataColumn'     => 'data',
    'lifetimeColumn' => 'lifetime'
);


$saveHandler = new Zend_Session_SaveHandler_DbTable($config);
Zend_Session::rememberMe($seconds = (60 * 60 * 24 * 30)); 

$saveHandler->setLifetime($seconds)->setOverrideLifetime(true); 

Zend_Session::setSaveHandler($saveHandler);
//start your session!
Zend_Session::start();

I'm not using any other session related function except perhaps for Zend_Auth when logging in.

Infact rememberme calls the regenerateID function of the Session class - the end result is that I'm constantly logged out every few minutes now.

Haro answered 11/5, 2011 at 11:4 Comment(5)

And what is the table structure you use? – Lunt 11/5, 2011 at 13:37

Have you been able to figure it out Ali? – Adenectomy 14/5, 2011 at 2:50

Not yet I'm afraid - I've put it aside for now but need a solution – Haro 23/5, 2011 at 11:51

Hey, this might be worth trying since nothing else works. Try changing the order that you're calling things again. Call the rememberMe AFTER you've set the savehandler. – Adenectomy 25/5, 2011 at 12:44

I've done that and the end result is that I'm logged out every few minutes :( infact I've commented out the rememberme function so atleast I stay logged in until the browser window is closed. Frankly I'm stumped here... – Haro 26/5, 2011 at 5:37

I think that you might be having this problem because you're calling rememberMe BEFORE starting the session.

You have to start the session first otherwise rememberMe won't do anything since it needs a session to set the rememberMe time on.

rememberMe calls the regenerateId function and the regeneration of the Id is what really needs the session to exist.

Place the rememberMe call after the session start then see how that works for you.

If that isn't it then I don't know what it could be since my code looks similar to yours.

Adenectomy answered 11/5, 2011 at 11:43 Comment(9)

OK - I'll try that! I'll be back in a while! – Haro 11/5, 2011 at 12:1

The documentation however states the opposite framework.zend.com/manual/en/… that Rememberme must be called before starting a session :( – Haro 11/5, 2011 at 12:3

hmmm? That's very strange. I looked directly at the code and the rememberMe function calls regenerateId. RegenerateId does nothing if the session isn't set, however. – Adenectomy 11/5, 2011 at 20:54

?? The documentation is weird. On that same page it states that rememberMe uses regenerateId but that has to do with something else probably. My suggestion now is to check that the php value for session.use_cookies = 1 and that session.cookie_lifetime = 0. Other than that I've run out of ideas right now. – Adenectomy 11/5, 2011 at 21:30

This is perplexing here - whats a better way to implement session handling in this case? – Haro 12/5, 2011 at 7:3

One other thing that popped into my mind is that your browser is doing something that ignores the session length in cookies. – Adenectomy 12/5, 2011 at 16:56

if thats the case then this is something all my browsers are doing :( I'm frankly stumped here – Haro 23/5, 2011 at 11:52

do your browsers have something that deletes cookies periodically? because – Adenectomy 2/6, 2011 at 2:52

I doubt that - I'm always signed into stackoverflow...browser hasnt signed out of here yet :) – Haro 5/6, 2011 at 8:43

Have you tried something like this?

protected function _initSession() {
    $config = array(
        'name'  => 'session',
        'primary'  => 'id',
        'modifiedColumn' => 'modified',
        'dataColumn' => 'data',
        'lifetimeColumn' => 'lifetime',
        'lifetime' => 60*60*24*30,
    );

    Zend_Session::setSaveHandler(new F_Session_SaveHandler_DbTable($config));        
}

This way the lifetime isn't set after initialising the database sessions, but is directly included in the initialisation options - it works for me, I see no reason why this should fail in your case :).

Haemorrhage answered 11/5, 2011 at 11:47 Comment(1)

I doubt its the lifetime issue - as when an entry is made into the database the correct lifetime is entered. However the session ID is regenerated it seems. I'm checking the entries made in the session table here. – Haro 11/5, 2011 at 12:2

I think you need to look once into following values after bootstrap code

session.gc_maxlifetime
session.cookie_lifetime

Sunless answered 1/6, 2011 at 9:37 Comment(2)

WHere in my bootstarp file should I check for this? – Haro 5/6, 2011 at 8:42

check in index.php and check it in init function of any controller, so that you can track whether any modifications is happening in b/w by framework – Sunless 6/6, 2011 at 8:16

If You configure session resources in *.ini config file, check resources.session.cookie_domain parameter. I spend 3 hours when I remembered about it.

Showdown answered 28/6, 2015 at 20:57 Comment(0)

Recommended topics

Hot tags