How to keep extending session life when user is active?

Question

Let\'s say there\'s a site/system with a logged in member area, and users are rarely, but very inconveniently logged out while working with the site/system.

It\'s doubt

Answer 1

It is hard for me to answer this without further information however are you sure this only happens when you have more traffic. What can be done:

• Add the codez
• OS distro and version
• PHP version

Do you have any session checks that rely on the IP. If so it might be that you are actually using a proxy which gives a different IP once every so oftern (like Cloudflare) in which case you can use the HTTP_CF_CONNECTING_IP to get the actually constant IP.

I have also noticed one more thing:

session.use_only_cookies = 1
session.cookie_lifetime = 0

So the cookie will actually be destroyed when the browser closes. Is it possible the connection is lost because the user closes the tab (which in some browsers does actually clear the cookies)?

As others have suggested I would strongely say you move to a DB session. Using a central session store can help in stopping race conditions, it won't stop them completely but it does make it harder. Also if you really get that many session ids you might wanna look into using something other than the built in PHP session id, however the built in hash is extremely unique and has a very low chance of being duplicate so I don't think that's your problem.

Clarification Edit:

If you are using a different proxy to Cloudflare then you will, of course, need to get the HTTP header thart your proxy sets, using Cloudflare is an example.