How to restart Apache without reseting users sessions?
Solution 1
Storing a session token in an alternate location as a backup would prevent this issue. You could still keep your main information in $_SESSION
, but keep a backup token in:
- Cookies
- Database records
- HTML5 Local Storage
You might find some help in this StackOverflow question: best practice for session timeouts and persistent login in php.
Solution 2
Your session data should not be lost just because Apache is shutdown or restarted unless the session data is being stored in memory and not backed up to disk (either by filesystem or database). Otherwise, you could restart the entire server and the session would still persist. Session data is designed to be stored long-term. The only time the session is lost is if:
The SID is lost. The session data still exists server side, but the client is unable to recover the SID, so cannot reinitiate the same session. This can happen if the SID cookie expires (if it's a cookie) or the session links are lost (if the SID is a URL parameter) or the SID is unset server-side or changed without notifying the client.
The session data is deleted server-side. This typically happens when the PHP Session Garbage Collector runs and sees the session file is older than session.gc_maxlifetime (which is 24 minutes by default). Otherwise, it can happen if the application explicitly deletes the session. On some servers, the administrator may also have configured a cronjob to clean out old session data on a regular basis.
Solution 3
Made possible by using the right argument with Apache :
apache2ctl -k graceful
Apache will restart without lose current sessions.
dowik
Updated on September 18, 2022Comments
-
dowik over 1 year
User is logged-in a PHP website > I restart Apache > User needs to log-in again.
How to prevent this? (I don't want user to need to log-in again)
-
Peter Taylor about 12 yearsTo check: you have the ability to edit the PHP, right?
-
bekay about 12 yearsIf it's your own application I would suggest what @Jacob Hume below has suggested and change your application to store sessions in a database table. This gives you more control in my opinion over your site as you can force users to logout if needed selectively.
-
dowik about 12 yearsI can edit PHP. I'm using a CMS (Drupal). I'm also using APC and was looking for a solution in this way.
-
-
dowik about 12 yearsThanks for the answer and thanks the link. I was looking for a solution on server side configuration file (kind of "keep sessions across restart"). But it seems that the solution is in the app side.
-
dowik about 12 yearsOh my... In fact I was simply looking for "apache2ctl -k graceful"!
-
Lèse majesté about 12 yearsGraceful restart only postpones shutdown until current connections are terminated. It doesn't change the restart behavior.
-
dowik about 12 yearsThank you for the details. I will investigate this way. But right now, I will simply use the graceful restart that's seem to fit my need.
-
Lèse majesté about 12 years@dowik: How does a graceful restart fit your need? Is your problem lost sessions or interrupted downloads? If it's the latter, then graceful restart/shutdown will indeed solve that. But then you should edit your question to reflect that. Because graceful restarts have nothing to do with PHP sessions, and it will not help other users trying to prevent sessions from being lost.
-
dowik about 12 yearsI have try to update the title of my question by replacing "PHP sessions" by "users sessions" like describe in the body of my question. Better for you? To be more precise : I use APC. When I change code in PHP files, I need to flush APC cache (restart Apache is the simplest way to do it I know). With "restart" argument, users of my website needs to log-in again. While with "graceful", they don't. That why "that's seem to fit my need".
-
Lèse majesté about 12 years@dowik: I don't think that has anything to do with graceful restart. You most likely just had a restart that coincided with the PHP sessions garbage collector. Login again and try a regular restart immediately afterwards. Unless you're storing sessions in memory (MM), the session will be saved.