CodeIgniter Forums
CI 3 RC Sessions: mark_as_temp() - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forum-6.html)
+--- Forum: Issues (https://forum.codeigniter.com/forum-19.html)
+--- Thread: CI 3 RC Sessions: mark_as_temp() (/thread-969.html)



CI 3 RC Sessions: mark_as_temp() - summer - 02-02-2015

Hi There everyone!

I have downloaded the "CodeIgniter 3.0 release candidate" from the first post in the below thread of this forum.

http://forum.codeigniter.com/thread-890.html

i was trying to set some data to tempdata when i started getting this error:

Code:
A PHP Error was encountered

Severity: Notice

Message: Undefined variable: ts

Filename: Session/Session.php

Line Number: 492

I checked the Session.php file and
Code:
$temp[$k] = $ts; ( Line Number: 492)
is generating the error.

i hope this will be helpful.

Regards.


RE: CI 3 RC Sessions: mark_as_temp() - summer - 02-02-2015

I think it should be
Code:
$temp[$k] = $v;

but still if $config['sess_expiration'] is less than ttl, tempdata gets cleared.


RE: CI 3 RC Sessions: mark_as_temp() - Narf - 02-02-2015

(02-02-2015, 01:11 PM)summer Wrote: I think it should be

Code:
$temp[$k] = $v;

https://github.com/bcit-ci/CodeIgniter/commit/43df7bda07b1d0949bd50fb21148668fa6c235f5

(02-02-2015, 01:11 PM)summer Wrote: but still if $config['sess_expiration'] is less than ttl, tempdata gets cleared.

Naturally, if your session expires, any tempdata in it gets deleted as well. Or do you mean something else?


RE: CI 3 RC Sessions: mark_as_temp() - summer - 02-03-2015

(02-02-2015, 02:23 PM)Narf Wrote: Naturally, if your session expires, any tempdata in it gets deleted as well. Or do you mean something else?

Actually i'm stuck in a little problem, i will really appreciate it if you can help me or guide me in the right way.

i m working on a back end for my websites, you can call it backend or c-panel.

my config is like this:

$config['sess_expiration'] = 7200;
$config['sess_time_to_update'] = 300;

which i don't want to change for obvious reason, i might change them for the front end site sessions, but for backend if a user checks remember me while logging, i want to give him sess_exipration of at least 2 days, with session not expiring on browser close. but if he doesn't check remember me i want to expire his session after 1 hour with session expire automatically on browser window close.

for that reason i was trying to use set_tempdata, when i found above issue.

Regards.


RE: CI 3 RC Sessions: mark_as_temp() - Narf - 02-03-2015

I just stumbled upon this article about "Remember Me" yesterday: https://resonantcore.net/blog/2015/02/remember-me-safely-secure-long-term-authentication-strategies

As for expiring a session after one hour or on browser close ... you can't have both. Being very careful with your settings, you can force the garbage collector to erase sessions that haven't been modified within the past hour, while otherwise having sess_expiration set to 0 (which means expire on browser close), but GC is still run by chance.

Just set the expiration to one hour - if the user is active, they'll extend that period; and if not - on browser close still means "until GC runs and clears inactive sessions". You can't do anything better than that.


RE: CI 3 RC Sessions: mark_as_temp() - summer - 02-03-2015

Hi Narf!

Thanks very much for the feedback, i have read the link you provided. it was very helpful clearing my mind about useful and un-secure strategies.

but the solution provided there, it might help me in future when i'm making a very secure project and if that's the demand of the client.

but as of now, i don't want to store my sessions information in database, especially not for the backend. it will really helpful if you can give your insight on my below settings and coding.

1. I'm autoloading 'session' libaray in my project like this:
Code:
$autoload['libraries'] = array('database', 'session');

2. My config is like this:
Code:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 86400;
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
^ i have decided to set the sess_expiration to 1 day for both my front-end and back-end users generally.

3. my Login_model does this, besides other things:
Code:
if ($remember_me) {
       $this->session->set_userdata($data);
     }else{
       $expire = 3600;
       $this->session->set_userdata($data);
       $this->session->mark_as_temp('admin_id', $expire);
       $this->session->mark_as_temp('username', $expire);
       $this->session->mark_as_temp('first_name', $expire);
       $this->session->mark_as_temp('last_name', $expire);
       $this->session->mark_as_temp('logged_in', $expire);
       //$this->session->mark_as_temp($data, $expire);
       //$this->session->set_tempdata($data, NULL, $expire);
     }

this is working somewhat for what i wanted in previous post, can you guide if this is the right approach or am i doing something wrong. for some reason last two commented lines in else case are not working and i have to set tempdata one by one on each variable.


RE: CI 3 RC Sessions: mark_as_temp() - Narf - 02-03-2015

mark_as_temp() accepts keys that already exist in "userdata".


RE: CI 3 RC Sessions: mark_as_temp() - summer - 02-03-2015

Yes of course i know that, my data is like this:
Code:
$row = $query->row();
$data = array(
 'admin_id' => $row->admin_id,
 'username' => $row->username,
 'first_name' => $row->first_name,
 'last_name' => $row->last_name,
 'logged_in' => true
);