PHPSessionID deleted in one minute

Hey All,

Just started with Cloudflare. It got active this morning and the problems started directly. My php session is destroyed after 1 minute. This causes users to be logged out. What settings or cookie set code in php must I use to make sure the session stays alive on cloudflare?

Cookies are not touched by Cloudflare and tunnelled through as-is. You can pause Cloudflare (Overview screen, bottom right) to analyse the issue directly on your server.

1 Like

I just pauzed my website since it is not working correctly. But i see the session cookie deleted after one minute. Which doesnt happen when the site is not on clouflare. So any suggestions?

Is the cookie definitely deleted and some page isn’t just cached?

If the cookie is deleted, it is deleted either by your JavaScript code or by your server. Unfortunately that is beyond the scope of this forum and better discussed at StackExchange.

It ia deleted. Monitored it in network tab. But this is not the case before cloudflare. But you suggest to ask there because even though it happends only when cloudflare is active, it is no cloudflare problem?

Once more, Cloudflare does not tamper with cookies. If they are actively deleted that’s happening within your code and that’s what you need to check.

But you can certainly post a demo link where the behaviour can be observed. Should it turn out to be your server, then you owe me a coffee :wink:


Thanks so far. I will try stackoverflow to see if anyone knows what causes this issue. It is just the default session start php sends that is removed after one minute and with it all active sessions. I cant find documentation what to do diferent when i use cloudflare, so if it is my code. I have no idea where to begin searching.

Allrhough. One thing commes to mind. There is a check for IP acces and when changed the code deletes cookies. Is it possible that the ip is not stable or showing user ip when on cloudflare?

I’d start finding out how the cookie gets removed, whether it expires or is locally removed or via another Set-Cookie header.

You should also double check that you are not running any Cloudflare Worker that might alter your headers.

But Vanilla Cloudflare will not tamper with cookies.

Of course, if you haven’t rewritten IP addresses requests can come from different proxy addresses. In that case you’ll need to rewrite IP address at your server.

1 Like

Thanks. I will see if i can work with this to make the original ip show up.

If you haven’t done that yet, you should definitely do that as otherwise your log files will be only partially useful.

I will try. A bit new to this. Dont realy understand what the documentation wants me to do exactly. But i will search around.

No worries, is a great resource for that.

I’d also point out #tutorials and the search on the forum will also provide a lot of threads on most topics. Particularly rewriting/restoring IP addresses has been extensively covered. Along with our all-time favourite SSL of course :slight_smile:

Well, when using Cloudflare, we need to inject our IPs. That way, we can terminate SSL/TLS connections and apply all the features and protections that you want. Due to this setup, your visitors will connect to our servers, and our servers will then further connect to yours. That’s why your servers will only be able to see our IPs, and a potential attacker won’t be able to see yours.

Now, since you still want or need to get the visitors original IP, and not our IPs, we have a HTTP header in place that’s called CF-Connecting-IP which sends you the real IP of the visitor. You’d need to use this instead of whatever you use to detect the IP addresses at the moment.

Thanks for responding. Made changes in php to fetch as described. I now changed back the nameservers and reactivated clouflare. But it looks like the site is not connecting trough cloudflare. Does it take a long time to connect or do i need to restart something?

These changes shouldn’t be made on a PHP level but at your webserver instead.

As for your question, if you changed nameservers, that can take up to two days for DNS propagation. What’s the domain?

Found a solution on stackoverflow of how to determine the real ip in php. Changed back the settings to before but i have no cloudflare connection yet, so i cant test if it is working…

1 Like

Again, that should not be done on a PHP level. Otherwise you have inconsistent data.