I have a rather large PHP application (several thousand unique URLs, user logins with various roles, etc.). PHP has a session timeout set in php.ini for 1 hour (3600 seconds). The way to work with logins is as follows: when a user successfully logs into the application, some things about the user are stored in $ _SESSION, including username, real name, role identifier, etc. On every page access available (shared code), $ _SESSION is checked for these variables, and if they are present, the user goes where they requested. If there are no variables, the user is redirected to the "without registration" page.
This has been working fine for the past few years and still works fine - mostly. In a very random way, the session session seems to time out without warning or anything else. For a registered user, this can be seen as follows: log in, do something, go to the next page - and instead log out and return to the "without registration" page. Naturally, this is very annoying. However, the random nature of this behavior makes research extremely difficult.
I never experience this on my machine in any browser. There is another machine in the office where this happens in every browser all the time (at least I can reproduce the problem). On another machine, this happens in one browser and does not happen in another browser. Yet on another machine, this happens sometimes, and not at another time. Today we received a call from one of the clients who are faced with this problem, but when asked to try in another browser, it worked fine.
This is not due to the browser version, as it works on some machines and not on others with the same version. Moreover, having two identically installed machines, this sometimes happens on one, but never on the other. Thus, in general, it seems that something very, very strange happens to the sessions, but I'm completely fixated on where to look. I have been trying to research this for most of the last few months, but have not received it anywhere. Where else to look?
At this point, any help is more than appreciated.
ADDED: This is part of my php.ini session:
[Session]
session.save_handler = files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_divisor = 100
session.gc_maxlifetime = 3600
session.bug_compat_42 = 1
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 4