Search code examples
phpsessionpermissionssession-cookies

PHP Session Storage / Update Issue

Before getting marked for duplicate questions, I know about this and this issues.

My problem WAS the same: I have a chat polling script, that fires a request to the server every xth second, and after n requests without update content coming from the server, the interval time is extended by x. As soon as a response holding update content is returned by the server, the interval time is reset to x.

EXCLUSIVELY for this script, after what seems to be a random amount of m polling requests, the request fails, and I get a 500 internal server error, saying:

PHP Notice:  session_start() [function.session-start.php]: ps_files_cleanup_dir: opendir(/var/cache/php-sessions) failed: Permission denied (13)

I then, according to the provided questions and other forums, created a php-sessions folder within my server root, with an access of 700, and set the session_save_path to the according directory. The sessions now get effectively stored within that directory.

BUT, I now do not get the above-mentioned error anymore, but instead a 400 client error, also after a random amount m of polling requests, with the server replying with 0.

My hosting service tells me to look for help in PHP forums, but in my opinion this does not make any sense, as the request does not even reach the server, and hence what's the link to PHP here?

I just wanted to check if anyone had the same issue, and how to tackle this?

UPDATE

Not sure if this helps, but I've checked back with my host, and they've said the following:

  • They have a cronjob which deletes sessions which are older than 24 hours from the /var/cache/php-sessions folder.

  • They additionally use php's native garbage collector with session.gc_probability = 1

Can it may be that these two somehow compete with each other, and that that causes the error?

Solution

  • I came around a variety of different issues when trying to combine PHP's native $_SESSIONs with some of my project setups. The main issue was my attempt to try to combine PHP Sessions (stateful) with stateless approaches like REST. I finally concluded that in such cases, it's better to implement your own session handling using performant DB solutions like redis, or simply setup your own logic by adapting PHP's native session handling.