Hi, we have been operating a system for about 500 users online on one centralized dedicated server. Our application is coded in PHP. Recently, when we have a reasonable load of about 100-150 users, sessions start getting mixed up. For instance, if a user logs in as A, after a while his session switches to User B, who is also logged in. The system has been in operation for over a year and this is the first time we are facing the problem.

The server is running CentOS. Is this anything on the server end, or is it something in the code? Any help much appreciated.

A: 

First, be sure your sessions are expiring and being cleaned up properly. Second, be sure that your session id randomization is good enough. Either issue could cause collision.

Kalium

A: 

Several possibilities you should investigate:

  • Caching: if you are using caching, then this is probably the case (the cache is regenerated and erroneously served to users)
  • Sessions not expiring for some reasons. Go where PHP stores sessions (it is a directory, and it is dependent on your php.ini) and see what is there. If there are thousands of files, then something is wrong with your expiration policies.
  • Proxies in the middle: incorrectly configured caching proxies may also interfere with login procedures (this has recently been the case with mobile users having your problem)

Palantir

A: 

Just posted a reply to the same question asked a few minutes later by another user.

I agree with Palantir's first and third points - but 2nd is very, VERY unlikely to be the cause of the problem.

Are you using a custom session handler? The default handler is working for thousands of people.

symcbean
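
One way to check the caching and proxy causes raised in the answers above is to audit captured response headers for session cookies on responses a shared cache may store and replay to another user. This is an added example, not code from the thread; it assumes PHP's default session cookie name `PHPSESSID`, and the sample responses are constructed.

```python
from email.parser import Parser

SESSION_COOKIE = "PHPSESSID"  # assumption: PHP default session.name; change if overridden

def parse_headers(raw):
    """Split a raw response head into (status line, parsed header message)."""
    status, _, rest = raw.strip().partition("\n")
    return status.strip(), Parser().parsestr(rest, headersonly=True)

def cache_directives(msg):
    """Lower-cased directive names from every Cache-Control header."""
    names = set()
    for value in msg.get_all("Cache-Control", []):
        for part in value.split(","):
            name = part.strip().split("=", 1)[0].lower()
            if name:
                names.add(name)
    return names

def audit(raw):
    """Findings for a response that could hand one user's session to another."""
    _, msg = parse_headers(raw)
    cc = cache_directives(msg)
    sets_session = any(c.strip().startswith(SESSION_COOKIE + "=")
                       for c in msg.get_all("Set-Cookie", []))
    findings = []
    if not sets_session:
        return findings  # no session cookie: nothing user-specific to replay
    if not cc & {"private", "no-store", "no-cache"}:
        # Without these, a proxy may store the response (heuristically if no
        # freshness is given) and serve the same Set-Cookie to other clients.
        findings.append("session cookie on response not marked private/no-store/no-cache")
    if cc & {"public", "s-maxage"}:
        findings.append("session cookie on response explicitly cacheable by shared caches")
    return findings

# Constructed samples (cookie values are placeholders, not real session ids).
CACHED_LOGIN = "\n".join(["HTTP/1.1 200 OK", "Content-Type: text/html",
    "Cache-Control: public, max-age=300",
    "Set-Cookie: PHPSESSID=constructedvalue0001; path=/"])
PHP_NOCACHE = "\n".join(["HTTP/1.1 200 OK",
    "Expires: Thu, 19 Nov 1981 08:52:00 GMT",
    "Cache-Control: no-store, no-cache, must-revalidate", "Pragma: no-cache",
    "Set-Cookie: PHPSESSID=constructedvalue0002; path=/"])
NO_POLICY = "\n".join(["HTTP/1.1 200 OK",
    "Set-Cookie: PHPSESSID=constructedvalue0003; path=/"])

if __name__ == "__main__":
    for name, raw in [("cached", CACHED_LOGIN), ("nocache", PHP_NOCACHE), ("none", NO_POLICY)]:
        print(name, audit(raw))
```

Run it against headers captured both at the application server and from behind any proxy or cache layer; a difference between the two shows where the cache policy is being rewritten.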