How to restart Apache without reseting users sessions?

php apache session
11,786

Solution 1

Storing a session token in an alternate location as a backup would prevent this issue. You could still keep your main information in $_SESSION, but keep a backup token in:

  • Cookies
  • Database records
  • HTML5 Local Storage

You might find some help in this StackOverflow question: best practice for session timeouts and persistent login in php.

Solution 2

Your session data should not be lost just because Apache is shutdown or restarted unless the session data is being stored in memory and not backed up to disk (either by filesystem or database). Otherwise, you could restart the entire server and the session would still persist. Session data is designed to be stored long-term. The only time the session is lost is if:

  1. The SID is lost. The session data still exists server side, but the client is unable to recover the SID, so cannot reinitiate the same session. This can happen if the SID cookie expires (if it's a cookie) or the session links are lost (if the SID is a URL parameter) or the SID is unset server-side or changed without notifying the client.

  2. The session data is deleted server-side. This typically happens when the PHP Session Garbage Collector runs and sees the session file is older than session.gc_maxlifetime (which is 24 minutes by default). Otherwise, it can happen if the application explicitly deletes the session. On some servers, the administrator may also have configured a cronjob to clean out old session data on a regular basis.

Solution 3

Made possible by using the right argument with Apache :

apache2ctl -k graceful

Apache will restart without lose current sessions.

Share:
11,786
dowik
Author by

dowik

Updated on September 18, 2022

Comments

  • dowik
    dowik over 1 year

    User is logged-in a PHP website > I restart Apache > User needs to log-in again.

    How to prevent this? (I don't want user to need to log-in again)

    • Peter Taylor
      Peter Taylor about 12 years
      To check: you have the ability to edit the PHP, right?
    • bekay
      bekay about 12 years
      If it's your own application I would suggest what @Jacob Hume below has suggested and change your application to store sessions in a database table. This gives you more control in my opinion over your site as you can force users to logout if needed selectively.
    • dowik
      dowik about 12 years
      I can edit PHP. I'm using a CMS (Drupal). I'm also using APC and was looking for a solution in this way.
  • dowik
    dowik about 12 years
    Thanks for the answer and thanks the link. I was looking for a solution on server side configuration file (kind of "keep sessions across restart"). But it seems that the solution is in the app side.
  • dowik
    dowik about 12 years
    Oh my... In fact I was simply looking for "apache2ctl -k graceful"!
  • Lèse majesté
    Lèse majesté about 12 years
    Graceful restart only postpones shutdown until current connections are terminated. It doesn't change the restart behavior.
  • dowik
    dowik about 12 years
    Thank you for the details. I will investigate this way. But right now, I will simply use the graceful restart that's seem to fit my need.
  • Lèse majesté
    Lèse majesté about 12 years
    @dowik: How does a graceful restart fit your need? Is your problem lost sessions or interrupted downloads? If it's the latter, then graceful restart/shutdown will indeed solve that. But then you should edit your question to reflect that. Because graceful restarts have nothing to do with PHP sessions, and it will not help other users trying to prevent sessions from being lost.
  • dowik
    dowik about 12 years
    I have try to update the title of my question by replacing "PHP sessions" by "users sessions" like describe in the body of my question. Better for you? To be more precise : I use APC. When I change code in PHP files, I need to flush APC cache (restart Apache is the simplest way to do it I know). With "restart" argument, users of my website needs to log-in again. While with "graceful", they don't. That why "that's seem to fit my need".
  • Lèse majesté
    Lèse majesté about 12 years
    @dowik: I don't think that has anything to do with graceful restart. You most likely just had a restart that coincided with the PHP sessions garbage collector. Login again and try a regular restart immediately afterwards. Unless you're storing sessions in memory (MM), the session will be saved.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

What may cause an ERR_CONNECTION_RESET error, on xampp while using session
phpmyadmin token mismatch for long time idle
Symfony 3.1.5 Warning: SessionHandler::read(): Session data file is not created by your uid
session_start seems to be very slow (but only sometimes)
Location for session files in Apache/PHP
Get PHP session vars in .htaccess
Allow php sessions to carry over to subdomains
Debian based systems Session killed at 30 minutes in special cron, how to override?
WAMP "Unable to load dynamic library php_intl.dll"
HTTPS giving 404 not found error