session variable __elgg_session changing every page view


I'm having a curious problem that's probably caused by my server, but I would still very much appreciate your thoughts and advise.

Since yesterday my elgg site no longer accepts form input (preventing users to log in and post stuff), because of a token mismatch. I've been digging all day to find out what's going on. I've traced the problem to the session variable __elgg_session (i.e. $_SESSION['__elgg_session']) changing with every page view. Elgg uses this session variable when generating the token, which is sent to the browser in the hidden input field of forms and subsequently sent back to elgg when the user submits the form again. Since this session variable is for some reason changing with every page view, this causes elgg to return the token mismatch error... I am absolutely certain that this is the problem, because I've made a test script and tested on two different servers running the same elgg versions. On the production server, the variable changes with every page view, while on the test server, it remains constant, and the entire problem doesn't occur as a result.

I'm wondering why this session variable keeps changing with every page view... Here's what I can tell you from my subsequent investigations:

  1. The problem first occurred on elgg 1.8.13. As part of my attempts to solve the problem I've now upgraded the site to 1.8.14. No change, problem persists on the production server and remains on the test server. So I'm thinking there must be a problem on the server, not elgg. But what...?
  2. I've looked at the code in which this session variable is generated, and I see absolutely no reason why this could be an elgg bug. I've been thinking that maybe for some reason this session variable is thrown in the garbage with every page view (i.e., picked up by PHP's session garbage collection functionality), but why...? :)
  3. I'm quite sure no one has changed anything to the server config since yesterday, but I do know that the server was temporarily unavailable about 24 hours ago. Maybe something happended, but my hosting provider and I cannot find any evidence of that. phpinfo() doesn't return anything strange about PHP's session config. PHP's session functionality itself seems to be working fine as well. The session_id remains constant, as it should be, and a simple test to see whether any old session variable can be stored across page views revealed no problems. And the rest of the site works fine - users can view all sorts of content for example.

Just for completeness sake:
The production server is running PHP 5.3.19, while the test server is running PHP 5.3.3. Both are running Linux. Ow, and both are not using elgg's simplecache/systemcache at the moment (probably has no influence in this case anyway).

All ideas and comments greatly appreciated!

  • I found out what happened! :) The users_sessions table had crashed. Perhaps related to the server problems I mentioned. This is the table in which elgg stores session variables, so if it isn't accessible, the whole session won't work. After repairing the table in phpMyAdmin, all was well again.