antijoey wrote on Monday, April 23, 2012:
Brady,
You were correct, sir. After an extended conversation with customer/tech support, we wrangled out the details. The issue was indeed where and how the session data is stored.
In this case, I had already created a /tmp directory and created a session.save_path entry in php.ini to that directory (as no default path is provided by host). Additionally, this path is duplicated in globals.php as such:
session_save_path('/absolute/path/to/tmp');
ini_set('session.gc_probability', 1);
, although one or the other may be enough. it’s working so I’ll leave it alone for now.
Furthermore, /tmp is permissioned 755 (is this too liberal? I don’t want any hijacked sessions!). However, these changes did not take effect without the intervention of my hosting provider. I would imagine this to be true for many shared hosting situations.
Things now seem to be completely in order and functional. Thank you for pointing me in the right direction. As this problem was cross-posted, I shall duplicate this in the other thread.
SOLVED
aj