Yii Framework Forum: Unexpected Session Switching happening randomly in Yii 2.0 - Yii Framework Forum


Unexpected Session Switching happening randomly in Yii 2.0
User sessions are flipping automatically every few days

#1 User is offline   saranvarma 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 09-July 17

Posted 28 August 2017 - 02:41 AM

Dear Sir / Madam,

We have a peculiar situation happening over a period of a few weeks, wherein the session of any logged-in user is being automatically changed to another user, due to which all business activity in the application is happening with the other user, for the subject (whose session is changed / automatically hijacked).

Note: The session is being "changed to" the session of users who had enabled a permanent cookie using the "Remember Me" checkbox, as per our initial observations. Most of the time, this random session override is happening automatically to a single user account, for all users (whose session is being overridden).

We are using Yii 2.0 for all our applications, and this problem is imminent and the root cause is still not established for sure.

We do really appreciate inputs in this regard.

thank you
Saran
0

#2 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,184
  • Joined: 17-January 09
  • Location:Russia

Posted 28 August 2017 - 08:56 AM

Where are sessions stored? Is there any cache involved? How is identity implemented? How is it stored? Any load balancing involved? Multiple servers?
Yii 2.0 Development Cookbook

Enjoying Yii? Star us at github

Support me so I can work more on Yii: https://www.patreon.com/samdark
0

#3 User is offline   saranvarma 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 09-July 17

Posted 28 August 2017 - 11:13 PM

Hi Samdark,

We are using cPanel/WHM managed Linux servers to host our web application.

1) About Session Storage:
By default, we are using file-based session storage, and the sessions are stored in the /tmp folder (that is, outside public_html, i.e., /home/cpanel_username/tmp).

With the recent cPanel / WHM update, we had enabled session storage for all websites in cPanel's internal session storage path.

Since this current problem is persisting in both scenarios, we had moved sessions to our custom-chosen session save path (i.e., /home/cpanelusername/sessions).

Still the problem persisted...

2) About Cache as Session Store:
Currently, we are not using any in-memory cache (memcache / redis etc.) to store sessions.

3) About Yii based User Identity implementation:
We are using the Dektrium Yii2 User Extension to handle user management.

4) About User Data Storage:
We are using a MySQL database to store user information.

5) About Load Balancer usage and Multiple Server scenario:
Currently, this is based on a single virtual server, wherein both the web server and the database server exist. We are using Apache as HTTP server and MySQL as database server, and using Nginx as reverse proxy in this setup.

Finally, I would like to add that we enabled HTTPS a few months ago.

Please share your inputs.

thank you
Saran
0

#4 User is offline   samdark 

  • Having fun
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,184
  • Joined: 17-January 09
  • Location:Russia

Posted 30 August 2017 - 05:58 AM

Sounds like caching in either nginx or Apache.
0
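
One way to test the caching hypothesis from the last reply is to audit the response headers a client actually receives for session cookies on cacheable or cache-served responses. This is an added example, not code from the thread or from Yii; the cookie names (PHP's default `PHPSESSID`, Yii 2's default `_identity`), the finding labels and the sample headers are assumptions constructed for illustration.

```python
# Added example (not from the thread): audit one response's headers for
# session cookies that a shared cache could store or has already replayed.
SESSION_COOKIES = {"PHPSESSID", "_identity"}  # assumed PHP / Yii 2 default names

# Constructed sample responses as (header, value) pairs.
SAMPLE_SAFE = [("Cache-Control", "no-store, no-cache, must-revalidate"),
               ("Set-Cookie", "PHPSESSID=constructed1; path=/; HttpOnly")]
SAMPLE_STORABLE = [("Cache-Control", "public, max-age=600"),
                   ("Set-Cookie", "_identity=constructed2; path=/; HttpOnly")]
SAMPLE_REPLAYED = [("Cache-Control", "no-store"), ("Age", "42"),
                   ("Set-Cookie", "PHPSESSID=constructed3; path=/")]


def cache_directives(headers):
    """Parse every Cache-Control header into {directive: value or None}."""
    out = {}
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                key, _, val = part.strip().partition("=")
                if key:
                    out[key.lower()] = val.strip('"') or None
    return out


def session_cookies_set(headers):
    """Names of session/identity cookies this response sets."""
    names = {v.split("=", 1)[0].strip() for n, v in headers if n.lower() == "set-cookie"}
    return names & SESSION_COOKIES


def shared_cache_findings(headers):
    """Heuristic: return findings for one response, [] if nothing is flagged."""
    if not session_cookies_set(headers):
        return []
    cc = cache_directives(headers)
    seconds = lambda d: int(cc[d]) if (cc.get(d) or "").isdigit() else 0
    blocked = any(d in cc for d in ("no-store", "no-cache", "private"))
    storable = "public" in cc or seconds("max-age") > 0 or seconds("s-maxage") > 0
    findings = []
    if storable and not blocked:
        findings.append("storable-set-cookie")  # a shared cache may keep it
    if any(n.lower() == "age" for n, _ in headers):
        findings.append("cached-set-cookie")  # Age is set by a cache (RFC 9111)
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_SAFE, SAMPLE_STORABLE, SAMPLE_REPLAYED):
        print(shared_cache_findings(sample))
```

Not every cache emits `Age`, and a proxy can be configured to ignore the origin's `Cache-Control`, so an empty result does not rule the proxy layer out; two different clients receiving the same `Set-Cookie` value is the conclusive sign.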
