PHP Session are mixing up

I have made a rather big project that has about 100 users online at the same time. The project has over 50 applications developed in Scriptcase 8.1.

The problem is that at some point, random point, when a user navigates through the apps or uses it, he gets the session of another logged user.

I have studied the problem for a while now and I did the following:

  • changed php.ini from my server to have shorter time of session expiration and other cookie options;
  • added in app_login at the beginning $_SESSION = array() and session_destroy();
  • restarted the machine and reinitialized apache and php processes.
I also studied the fact that Scriptcase usually creates a session even at the login screen, before logging in. After logging in, it deletes the content of that session and uses the same physical file for the next log in. Is that right, or I got this one wrong?

Nevertheless, I would appreciate a bit of help here. Has anyone encountered this problem before? Do you have any advice on how to treat this bug?

Thank you,

The sessions are based on the connection it comes from. Just like normal php session variables. Nothing special.
Maybe there is another issue tho. For example there is not enough memory on the server configured… Check your log files, likely they tell you enough to figure it out…
Over here it runs fine with many users.
Then again we mainly use session cookies.
The point of using the same file, well this is then a misconfiguration I think. The session should depend on the client ip number and browser.

​For real (and for my learning,) is this a valid reason for sessions to jam in PHP or SC? That would be most alarming!!!

Hi guys,

I have never observed this serious situation in any of my SC applications. This is important to understand the cause. I hope more info is posted as to any findings.

Seems like you will have to log to a file of DB table info about what is happening before and after this condition happens. Going to be hard to automate that type of test, but if you stored and monitored the state and had it flag this change, or even email you as admin of the fault.

If rr is correct and you are somehow blowing past some server capability, you could also monitor CPU or memory and log that as well. You may get that info from your host or server, but it is hard to correlate with SC actions. If you log both yourself you might see what is happening.
I use code like this to monitor my server CPU (I have some processes that can use a lot of processor power on a quad CPU):

$load = sys_getloadavg(); // get the linux system average load on processors
$load1 = $load[0]; // 1 minute ave
$load3 = $load[1]; // 3 minute ave
$load15 = $load[2]; // 15 minute ave    
$core_nums = trim(shell_exec("grep -P '^processor' /proc/cpuinfo|wc -l")); //  
$percentageload1 = round($load1/($core_nums)*100, 2);
$percentageload3 = round($load3/($core_nums)*100, 2);
$percentageload15 = round($load15/($core_nums)*100, 2);
[performance] =  "Load (".$core_nums." CPU Cores) " .
" -- 1 Min Ave= ".$load1." / ".$percentageload1."%" .
" -- 3 Min Ave= ".$load3." / ".$percentageload3."%" .
" -- 15 Min Ave= ".$load15." / ".$percentageload15."%";

You could display or log [performance].

I often use the SC built in log and then use the macro to add custom info as needed.

Again, I would be interested to see what you ultimately find. Since you are using the ‘stable’ SC 8.1, same as most of us, I am hoping it is not a system issue. Maybe somehow you have some code in one app that causes this? And again, perhaps rr is correct - it has to do with the server.

Just thinking - could an error during generation lead to a ‘random’ thing like this? I would just make sure all apps regenerate normally.

The trick is catching error and enough telemetry to debug. Intermittent errors are always worse. But they have to do the same with Mars Rover software glitches and stuff a million miles away, so you will find it :slight_smile:

Good luck,

I haven’t seen this behaviour. It’s pretty common to start PHP asap with session_start. So before a user is logged in. Are you passing user information in your links? Could it be that something goes wrong there? Have you set your global variables to session variables?