php session is randomly lost and cant understand why

First you need to find if the problem is in session's garbage collection or a logical error within the code. For that, you can:

// Add this right after session_start()if (!isset($_SESSION['mySessionCheck'])) {    $_SESSION['mySessionCheck'] = "This session (" . session_id() . ") started " . date("Y-m-d H:i:s");}// For HTML pages, add this:echo '<!-- ' . $_SESSION['mySessionCheck'] . ' -->';// For AJAX pages, add "mySessionCheck" to the JSON response:echo json_encode(    array(        "c" => array(            "u" => $_SESSION['checkoutUrl'],            "q" => $basketData[0],            "l" => $basketData[1]        ),        "mySessionCheck" => $_SESSION['mySessionCheck']    ));

If this message changes at the same time the basket empties, then you'll know for sure it's a problem with PHP sessions.

In that case, there are a few things you can try:

1) You are doing

$lifetime=60 * 60 * 24 * 365;$domain = ".mywebsite.com";session_set_cookie_params($lifetime,"/",$domain);@session_start();

But according to a user contributed note from PHP.net docs:

PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params().

So you may try using setcookie() instead:

$lifetime=60 * 60 * 24 * 365;session_start();setcookie(session_name(),session_id(),time()+$lifetime);

Even though it's a 4 year old note as pointed in the comments, I tested it and it still happens (I'm on PHP 5.5.7, Windows Server 2008, IIS/7.5). Only setcookie() produced the HTTP headers to change the expiring date (example setting $lifetime to 600):

Set-Cookie: PHPSESSID=(the id); expires=Mon, 22-Jun-2015 15:03:17 GMT; Max-Age=600

2) If you're using a Debian servers or some derivative, they use a cron job to clear out PHP sessions, so you might try:

• Increasing server's configured maxlifetime;
• Saving your sessions somewhere else;
• Using memcached.

3) To find out if there is some process clearing your sessions, you can place a watch on the directory where the session files are stored (actual path varies from server to server, use session_save_path to find out the location on yours). I'm no server admin, but I've read you can use auditctl for that, just make sure you log who made the changes to your files.

4) If you don't have access to server configuration, or don't want to depend on server config (good if you switch hosts), you can implement your own session handler. Check out this example by Pedro Gimeno.

You put only @session_start(); in the top of your all script.

An also put in the top of your ajax script.

Example Like following:

@session_start();// you may use session script here or header fileinclude("header.php");//some code. you may use session script here or header fileinclude("main.php");//-----------next code

I post here, even if is an old post, in case someone experience this problem, check in php.ini session.gc_maxlifetime, or print ini_get('session.gc_maxlifetime'); you have to set it in your php script or php.ini, on my php version the default is 1440 seconds, I have changed it to 1 month, is enough in my case.Also after start session you can setcookie(session_name(),session_id(),time() + $sessionLifetime, "", "", false, true); I hope this helps.