Random expiration is a classical symptom of session data directory shared by several applications: the one with the shortest session.gc_maxlifetime time is likely to remove data from other applications. The reason:
- PHP stores session files in the system temporary directory by default.
-
The builtin file handler doesn’t track who owns what session file (it just matches file name with session ID):
My advice is that you configure a private custom session directory for your application. That can be done with the session_save_path() function or setting the session.save_path configuration directive. Please check your framework’s documentation for the precise details on how to do it in your own codebase.