• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session not working because of sess_time_to_update mechanism

#1
[eluser]Unknown[/eluser]
Research: I've found a lot of posts on CodeIgniter sessions unexpectedly expiring for AJAX-based web apps, but haven't found a working solution for my specific issue.

Findings: I've narrowed it down to how sess_time_to_update works, and here's an illustrative example. Suppose I set sess_time_to_update to 1 minute. After the minute is up, the session ID is regenerated. This updates the database and currently set cookie. And that's where things go wrong. After the reset, the browser cookie is actually destroyed, and the user in my web app is logged off.

Confidence: I've verified that this is the cause of my sessions expiring by toggling return immediately in the sess_update() function. Snippet below.

Code:
/**
* Update an existing session
*
* @access public
* @return void
*/
function sess_update()
{
return;
...

Expecations: I don't wish to use native sessions, I prefer to stick with CodeIgniter sessions. If the solution works, the user would stay logged in for at least longer than the value of sess_time_to_update.

Configurations: I'm using sess_use_database = TRUE. My CodeIgniter version is 2.2.0.

Other notes: It's interesting that I have the same install on another web app but that one works perfectly. Honestly, I've no idea why that would be.

#2
[eluser]Unknown[/eluser]
Answering my own question, but the issue had to do with a race condition that developed as a result of how my own controllers were being called. This article is somewhat helpful, but I basically had to re-do some of my own code to fix this error. The race condition developed between the cookie updating and the new session ID being written to the database

#3
[eluser]InsiteFX[/eluser]
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* ------------------------------------------------------------------------
* CI Session Class Extension for AJAX calls.
* ------------------------------------------------------------------------
*
* ====- Save as application/libraries/MY_Session.php -====
*/

class MY_Session extends CI_Session {

    // --------------------------------------------------------------------

    /**
     * sess_update()
     *
     * Do not update an existing session on ajax or xajax calls
     *
     * @access    public
     * @return    void
     */
    public function sess_update()
    {
        $_ci = get_instance();

        if ($_ci->input->is_ajax_request() === FALSE)
        {
            parent::sess_update();
        }
    }

} // End of class MY_Session.

/* ------------------------------------------------------------------------
* Filename: MY_Session.php
* Location: ./application/libraries/MY_Session.php
* ------------------------------------------------------------------------
*/


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.