Sessions expiring often?

[NC-Designs]

Sorry, you may notice I have a lot of questions to ask but I thought it would be better if I kept them separate.

Anyway, I am having some issues with the length of sessions using LiteSpeed. I am not sure if this is a known issue or not? I have checked over my php.ini settings and they are all fine. I have recently rebuild PHP also.

After testing I also noticed that every time Litespeed is restarted (Even gracefully) all sessions are lost. Is there a way to prevent this in a future version? As it does cause quite a few problems. If you imagine on a shared server and maintenance needs to be performed where Litespeed will be restarted multiple times, peoples sessions last just minutes if that.

Also, if the Fix 503 Error setting in LiteSpeed is enabled, this will cause some problems especially on a shared server as every time a 503 error is produced, all sessions on the server are lost.

 

[NiteWave]

I'm not very sure about this. but there are similar discussion before on the forum.for example, if a user download a large file say 700M and need about 10minutes, what will happen if litespeed restart after just download 5 minutes? does the use have to download again? looks not. lsws will keep the old requests and process until it completes. -- maybe you can test it. I may run a test later today to confirm this.

 

[NC-Designs]

Well it's more for forums etc than downloads. A lot of forum softwares use sessions and visitors/ customers will get annoyed if their session is constantly expiring and they find themselves having to log back in all the time.

 

[NiteWave]

this issue looks common among all web servers? not only litespeed. each web server should avoid restarting frequently.

2nd, restart may not be that worse to break session. it's known http is a stateless protocol. application may save the session data in cookies to indicate login or logout, and don't need login again just because web server has restarted once.

To test this, I logged in a wordpress blog, restart lsws and browse the blog in between, the blog always showed I'm logged in, no need re-login. only when I clicked "log out" explicitly, need I login again.

 

[meto]

What is your session handler? Use tmpfs on /tmp or memcache(d) handler to have them after restart. My guess is, that you're using some RAM/mmap driven session handler (such as eaccelerator).

 

[mkaaaay]

I'm having this issue, php7.3, lsapi handler

We have directive set in htaccess, as well as core 7.3 ini file via whm.

So why are we being forced to login every 5 minutes still?

 

[serpent_driver]

What about session.gc_maxlifetime in WHM -> MultiPHP INI Editor?

If you make changes in MultiPHP INI Editor it can take some minutes until these settings work. (<15)

 

[mkaaaay]

I've tried that, still getting quick timeouts.

 

[serpent_driver]

Then, it will be overwritten by session handling in your application.

Check for:

@ini_set("session.gc_maxlifetime", value_in_seconds);

 

[mkaaaay]

thanks, yes I did this based on https://stackoverflow.com/questions/8311320/how-to-change-the-session-timeout-in-php
Will see how we go.