Codeigniter sessions issue

2
votes

I am using codeigniter. I have a weird problem with the sessions. I set the session when the user logs in and redirects him to a new page. I observe that the sessions are set sometimes and sometimes they aren't set. I have tried using codeigniter sessions & native sessions with sess_use_database variable TRUE and FALSE. I have no idea of what's going on.

This is how the config file looks like:

$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 7200;
5
codeignitersession
what behaviors were you noticing with each type of session? what is your session time_out set to? this is pretty vague. - Rooster
I am sorry about it. This is how the config file looks like $config['sess_expiration'] = 7200; $config['sess_expire_on_close'] = FALSE; $config['sess_encrypt_cookie'] = TRUE; $config['sess_use_database'] = TRUE; $config['sess_table_name'] = 'ci_sessions'; $config['sess_match_ip'] = FALSE; $config['sess_match_useragent'] = TRUE; $config['sess_time_to_update'] = 7200; - Nikhil
and you created the table in the database per the instructions for using the db with session in ci? - Rooster
one of the quirks I've noticed when using the db_session library that isnt immediately apparent when you are used to using the non_db session library is that you need to use $this->db->sess_create() after $this->db->sess_destroy(). I had issue with this in my log in script as my code was trying to make sure there was a clean session before starting a new one. Perhaps this is the issue? - Rooster
This is what's happening. I go to the login page. The session is set. Now it redirects them to a getting started page which makes use of the session data. (This is where the problem persists) and when it comes to the home page the session is set. - Nikhil

5 Answers

2
votes

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

In order to store sessions, you must first create a database table for this purpose.

Create it in your DB:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

When, go at config and and change:

$config['sess_use_database']    = TRUE;

I prefer to save the session in database because it is more secure and works without problem.

0
votes

Where is your sess_cookie setting? I dont see it there?

$config['sess_cookie_name']     = 'cookiename';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 7200;

Make sure whatever cookie name you pick does NOT have an underscore. i.e:

$config['sess_cookie_name'] = 'mycookie';   // good
$config['sess_cookie_name'] = 'my_cookie';   // bad
0
votes

Had the same issue and what I found it having 

    $config['sess_encrypt_cookie']  = TRUE;
    $config['sess_use_database']    = TRUE;

Will insert 2 records in the session table, the first record with the data and the second record with nothing hence the session data not accessible. When you change

    $config['sess_encrypt_cookie']  = FALSE;

to false it will only insert one record into the session table with all the data and all will be right with the world :)

0
votes

I think that it's just not getting updated as supposed and it creates a new one on every page request. (common Codeigniter's setting issue)

here's my suggestions:

double check your Application/Config/config.php file to ensure that the part of session domain looks like that if you host the site on the main directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "var/sessions/";
$config['cookie_secure']    = FALSE;

and like that if you host the site on a sub-directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "siteSubDirectory/var/sessions/";
$config['cookie_secure']    = FALSE;

and also make sure that the 2 directories are writable by fixing their permissions to 755 or so, and I strongly recommend that you enable database session, it's more secure and will help you find out the real problem by checking the session table. good luck :)

0
votes

try $config['sess_match_useragent'] = FALSE;

i'm experiencing the same issue with sessions and redirects and i've hacked my cms to find out what's causing this. setting that in config.php worked for me.