CodeIgniter Session Expires on Page Refresh

2
votes

We have a CodeIgniter based SAAS application. Sessions are stored in the database. We use this class as a replacement for CI sessions

With one specific customer ( same office, multiple users, same IP ), the session is getting reset or destroyed on a page refresh.

This has never happened before with any other users or from other location. I am not able to reproduce this issue.

Steps:

  • User Logs in & sees home Page.
  • User begins navigation by clicking some link
  • Session times out and they are prompted to login again
  • And this continues after each login.

Session expiration is set to 3000 s and time_reference is GMT and sess_time_to_update = 300 s.

Any help on how to go about investigating this issue will help.

  • This happens in IE , Chrome and therefore does not seem to be a browser issue.
  • This same set of users have never had this issue before.
1
codeignitersession
To be able to answer this question, will need to know how your logging system works, (maybe a snippet of your logging function) and how you check on every protected page that user is logged in (whether you are using Base Controller for the admin part or you are checking in each controller for the user session). I would advise you to start using the CI core session class, cause if it wasn't good/secure it wouldn't be used in Expression Engine to begin with, and probably it's one of the best Session implementations in PHP that I have ever seen or worked with, no matter they are utilizing cookiezokibtmkd
Which version of Codeigniter are you using?Tim
I don't agree with @zokibtmkd that the CI session library is good. Just check the CI forums and search for sessions, it is full with problems. For example, it cannot properly deal with Ajax requests.Fer
I have also just ran into this issue using Chrome 15. My issue is like follows: 1. Access login form | 2. if password correct, display page with session variable and value 'echo'ed (this is the same URL as the page with the login form, but the login form no longer displays) | 3. Click the address bar, press enter (refreshing would repost the data, and reset the userdata) and the session variable is no longer defined.SgtPooki
I am having a similar problem. The weird thing is that it is happening in my CoolNovo(based on chrome) while it is working perfectly fine in IE. In CoolNovo, the session id refreshes every time I reload the page.user482594

1 Answers

1
votes

check the size of the session cookie. maybe it is larger than the allowed size > 4096. I know it's a long shot, but try it out nevertheless.