Sessions Expire Unexpectedly

This topic is closed.
  • dawnerd

    Sessions Expire Unexpectedly

    Hi everyone.

    I have another little problem that I could use some advice on. I have
    a session class that handles creating a simple session to keep my
    users logged in. It works fine. However, the session will expire in a
    random amount of time. I've checked php's configuration and they are
    set to expire when the browser is closed (and is what I want). It also
    uses cookie sessions rather than the session id in the url. I have
    access to both php4 and 5 if needed (all of the code is php4 though).

    Here is some of the session code.
    /**
     * newSession( $userId, $password )
     * Creates a blank session.
     */
    function newSession( $userId, $password )
    {
        /**
         * Set the user info in the session.
         */
        $config = new configuration( $this->database );
        $config->getConfig();
        $configArray = $config->configArray;

        $_SESSION['honey'] = $userId;
        $_SESSION['bun'] = sha1( $configArray['salt'] . $userId . md5( $password ) );
        $_SESSION['glaze'] = time();
    }

    /**
     * checkSession()
     * Checks the current session.
     */
    function checkSession()
    {
        $config = new configuration( $this->database );
        $config->getConfig();
        $configArray = $config->configArray;

        $userId = mysql_real_escape_string( $_SESSION['honey'] );
        $this->current_user_id = $userId;

        $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
        $query = $this->database->query( $sql );
        $num = $this->database->count_rows( $query );

        /**
         * Check if user exists
         */
        if( $num != 1 )
        {
            $this->error = "Session expired.";
            return false;
        }

        /**
         * Check hashes
         */
        $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
        $query = $this->database->query( $sql );
        $row = $this->database->get_row( $query );
        $tempHash = sha1( $configArray['salt'] . $userId . md5( $row['pass'] ) );

        if( $_SESSION['bun'] != $tempHash )
        {
            $this->error = "Hashes do not match.";
            return false;
        }

        /**
         * Check if session is expired.
         */
        $tempTime = time() - 82400;

        if( $_SESSION['glaze'] < $tempTime )
        {
            if ( isset( $_COOKIE[session_name()] ) )
            {
                setcookie( session_name(), '', time()-42000, '/' );
            }

            session_destroy();

            $this->error = "Session timed out";
            return false;
        }

        $this->getUsernameFromId( $userId );
        $this->updateSession();

        return true;
    }

    I always get the session expired error I return. Any idea?
    Improvements?

  • Oliver Grätz

    #2
    Re: Sessions Expire Unexpectedly

    dawnerd wrote:
    > I have another little problem that I could use some advice on. I have
    > a session class that handles creating a simple session to keep my
    > users logged in. It works fine. However, the session will expire in a
    > random amount of time.

    I did not look at the code but I can tell you about one way the expire
    might happen seemingly "randomly": Do you have any other PHP apps
    installed on the server where you are testing your code? They might in
    fact be deleting your sessions! Why? Because the sessions for all PHP
    apps are by default stored as files in the same place: The system temp
    dir. This collides with the ability to set the session expiration time
    per application. If you have another app on your server where this time
    is significantly shorter, then at any given time a request on this app
    might cause the session data for ALL apps to be cleaned up!

    Fix: Use a unique storage location for your app and check if the error
    persists.

    OLLi


    --
    Bug? That's not a bug, that's a feature.
    [T. John Wendel]


    • dawnerd

      #3
      Re: Sessions Expire Unexpectedly

      On Apr 30, 4:22 pm, Oliver Grätz <oliver.gra...@gmx.de> wrote:
      > dawnerd wrote:
      > > I have another little problem that I could use some advice on. I have
      > > a session class that handles creating a simple session to keep my
      > > users logged in. It works fine. However, the session will expire in a
      > > random amount of time.
      >
      > I did not look at the code but I can tell you about one way the expire
      > might happen seemingly "randomly": Do you have any other PHP apps
      > installed on the server where you are testing your code? They might in
      > fact be deleting your sessions! Why? Because the sessions for all PHP
      > apps are by default stored as files in the same place: The system temp
      > dir. This collides with the ability to set the session expiration time
      > per application. If you have another app on your server where this time
      > is significantly shorter, then at any given time a request on this app
      > might cause the session data for ALL apps to be cleaned up!
      >
      > Fix: Use a unique storage location for your app and check if the error
      > persists.
      >
      > OLLi
      >
      > --
      > Bug? That's not a bug, that's a feature.
      > [T. John Wendel]

      That might be the reason; however, all my applications use the same
      classes.


      • Mike P2

        #4
        Re: Sessions Expire Unexpectedly

        PHP's built in session stuff is confusing you behind the scenes.
        php.ini holds the simple answer to changing session timeout (it can
        time out if the browser is not making any connections, even if browser
        is not closed). php.ini is also the place to mess with cookie vs url
        SESSID traveling. You may find it interesting to make your session
        class also handle session saving and manipulating, with
        session_set_save_handler and a few more methods.




        • Mike P2

          #5
          Re: Sessions Expire Unexpectedly

          Or maybe my suggestion has nothing to do with the problem. I was
          writing my message while the second two replies came in, so I didn't
          see them coming. dawnerd, what Oliver G. pointed out does not mean
          that your own applications might delete it, but if you are on shared
          hosting then something you don't know about might be abducting your
          stuff.

          -Mike PII


          • dawnerd

            #6
            Re: Sessions Expire Unexpectedly

            On Apr 30, 4:36 pm, Mike P2 <sumguyovrt...@gmail.com> wrote:
            > Or maybe my suggestion has nothing to do with the problem. I was
            > writing my message while the second two replies came in, so I didn't
            > see them coming. dawnerd, what Oliver G. pointed out does not mean
            > that your own applications might delete it, but if you are on shared
            > hosting then something you don't know about might be abducting your
            > stuff.
            >
            > -Mike PII

            I am using media temple's grid, so other people's applications would
            not affect mine. I will look some more into the ini file to make sure
            something isn't set wrong. What bugs me though is that a session will
            end, but another be kept alive.


            • dawnerd

              #7
              Re: Sessions Expire Unexpectedly

              On Apr 30, 4:08 pm, dawnerd <dawn...@gmail.com> wrote:
              > Hi everyone.
              >
              > I have another little problem that I could use some advice on. I have
              > a session class that handles creating a simple session to keep my
              > users logged in. It works fine. However, the session will expire in a
              > random amount of time. I've checked php's configuration and they are
              > set to expire when the browser is closed (and is what I want). It also
              > uses cookie sessions rather than the session id in the url. I have
              > access to both php4 and 5 if needed (all of the code is php4 though).
              >
              > Here is some of the session code.
              > /**
              >  * newSession( $userId, $password )
              >  * Creates a blank session.
              >  */
              > function newSession( $userId, $password )
              > {
              >     /**
              >      * Set the user info in the session.
              >      */
              >     $config = new configuration( $this->database );
              >     $config->getConfig();
              >     $configArray = $config->configArray;
              >
              >     $_SESSION['honey'] = $userId;
              >     $_SESSION['bun'] = sha1( $configArray['salt'] . $userId . md5( $password ) );
              >     $_SESSION['glaze'] = time();
              > }
              >
              > /**
              >  * checkSession()
              >  * Checks the current session.
              >  */
              > function checkSession()
              > {
              >     $config = new configuration( $this->database );
              >     $config->getConfig();
              >     $configArray = $config->configArray;
              >
              >     $userId = mysql_real_escape_string( $_SESSION['honey'] );
              >     $this->current_user_id = $userId;
              >
              >     $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
              >     $query = $this->database->query( $sql );
              >     $num = $this->database->count_rows( $query );
              >
              >     /**
              >      * Check if user exists
              >      */
              >     if( $num != 1 )
              >     {
              >         $this->error = "Session expired.";
              >         return false;
              >     }
              >
              >     /**
              >      * Check hashes
              >      */
              >     $sql = "SELECT * FROM `users` WHERE `id` = '$userId'";
              >     $query = $this->database->query( $sql );
              >     $row = $this->database->get_row( $query );
              >     $tempHash = sha1( $configArray['salt'] . $userId . md5( $row['pass'] ) );
              >
              >     if( $_SESSION['bun'] != $tempHash )
              >     {
              >         $this->error = "Hashes do not match.";
              >         return false;
              >     }
              >
              >     /**
              >      * Check if session is expired.
              >      */
              >     $tempTime = time() - 82400;
              >
              >     if( $_SESSION['glaze'] < $tempTime )
              >     {
              >         if ( isset( $_COOKIE[session_name()] ) )
              >         {
              >             setcookie( session_name(), '', time()-42000, '/' );
              >         }
              >
              >         session_destroy();
              >
              >         $this->error = "Session timed out";
              >         return false;
              >     }
              >
              >     $this->getUsernameFromId( $userId );
              >     $this->updateSession();
              >
              >     return true;
              > }
              >
              > I always get the session expired error I return. Any idea?
              > Improvements?

              I believe I have fixed it. I set the session save path. The default
              was not set, which stored the session in a temp file (I think). I can
              also guess that this temp folder was purging files. Again, just a
              guess. I would really like to know how php handles sessions when the
              directory is not defined.
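
The fix the thread arrives at, as an added example that is not part of any post: give the application its own session directory, so that another application's garbage collection or a cleanup of the system temp directory cannot remove its session files. It assumes PHP 7 or later and the default files handler; the function names, the directory and the 86400-second lifetime are illustrative.

```php
<?php
// Added example (PHP 7+), not code from the thread. Function names, the
// directory and the lifetime are assumptions chosen for illustration.

function startIsolatedSession(string $dir, int $idleSeconds): void
{
    // Private directory so only this application's PHP user can read it.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session directory: $dir");
    }
    chmod($dir, 0700);

    ini_set('session.save_handler', 'files');
    ini_set('session.save_path', $dir);
    // GC removes files idle longer than this; now it only sees our files.
    ini_set('session.gc_maxlifetime', (string) $idleSeconds);
    // Run GC on roughly 1 request in 100; some distributions set the
    // probability to 0 and clean only the default directory from cron.
    ini_set('session.gc_probability', '1');
    ini_set('session.gc_divisor', '100');
    // Lifetime 0 = cookie ends with the browser session, as the poster wants.
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.use_only_cookies', '1');
    session_start();
}

// Diagnostic: which session files would the next GC pass delete?
function staleSessionFiles(string $dir, int $idleSeconds): array
{
    $stale = [];
    foreach (glob($dir . '/sess_*') ?: [] as $file) {
        $idle = time() - filemtime($file);
        if ($idle > $idleSeconds) {
            $stale[basename($file)] = $idle;
        }
    }
    return $stale;
}

// Where sessions land when no path is configured: the system temp directory.
$default = session_save_path() ?: sys_get_temp_dir();
$dir = sys_get_temp_dir() . '/example_app_sessions'; // constructed path
startIsolatedSession($dir, 86400);
$_SESSION['glaze'] = time();
session_write_close();
printf("default: %s\nnow: %s\nstale: %d\n",
    $default, session_save_path(), count(staleSessionFiles($dir, 86400)));
```

The settings must be applied before `session_start()` on every request; in production the directory belongs outside the web root and outside the shared temp directory.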
