Hi Petr,
We decided to downgrade Apache from 2.0 to latest 1.3, as I read about
people not experiencing session problem with Apache 1.3 and suggestion
of not using Apache 2 with PHP (on PHP site). We are not experiencing
the problem again, but it does not mean it is over, as it was _very_
random.
Anyway...
I've a look to diagnostic code.
I'm not sure it will capture the "insane" sessions.
What I saw with my own eyes, were two clients using the same newly
created php session file, when they first connect to the server (and
so, I suppose, having received the same session ID).
Of course they continued with the same (shared ...
) session (id and file) until session expired.
I'm not sure this diagnostic code can detect this problem.
I think the only way is to store in session some client unique informations not related with session (as client IP, user agent...) and warn if they changes during a session.
I added these two check to your code.
Please have a look
Lorenzo