• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Sessions do not persist

  • Configuration
PHP Code:
$config['sess_driver'] = 'database';
$config['sess_save_path'] = 'ci_sessions';
$config['sess_cookie_name'] = 'sb_session';
$config['sess_expiration'] = 86000;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE
  • /system folder is identical to ci3 git repo
PHP Code:
"<a href='/test/beta'>next</a>";
  • have some test routes set up in routes.php to go to a test controller
  • test controller, page 1 (/test/alpha)
PHP Code:
"<a href='/test/beta'>next</a>";

  • test controller, page 2 (/test/beta)
PHP Code:
"<a href='/test/alpha'>back</a>";

  • Database table contents:     

On my local server (MAMP) the data is being serialized and stored as such in the session files/DB records. I can browse and view the contents and they look like this: mydata|i:1;
If I put some code to log the value of $session_data when CI's session handler's "write" function is called, the value is human-readable.

On my live server (WHM/cPanel) the data looks like this:  wNR0Bm_RZU-Gt2w1fpFBeW6SKzaFCx4LBB0U4CsZjms. 

The session handler's write function is being passed the data this way.

I'm not sure if this has anything to do with the fact that sessions don't persist, but this is the only lead I have.

Basically, if I refresh the page, the client sends the previous session id:

Request Headers:
GET /test/alpha/beta HTTP/1.1
Cookie: mr_csrf_cookie=7fd571f8bf56780bf129e331aca20ec0; sb_session=bd58c63518a25e3d2e994e555d003d720fda04f5

and is given a new one every time:
Response Headers:
Set-Cookie:sb_session=b8c24a58de4c1140af6b7938f045e0f423742006; expires=Sun, 27-Mar-2016 03:24:54 GMT; Max-Age=86000; path=/; HttpOnly
  • Behavior is independent of session storage type (file/database)
  • I've been stuck on this for two days now.
Any help would be greatly appreciated.

I resolved the issue after I noticed that:
- when the URI contained the character "1" the sessions seemed to carry over
- preventing the http-referer from being sent also seemed to have an effect on whether the session would be kept

Found this setting in php.ini:

session.referer_check = 1

Seems harmless at first, except: "session.referer_check contains the substring you want to check each HTTP Referer for. If the Referer was sent by the client and the substring was not found, the embedded session id will be marked as invalid. Defaults to the empty string."

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.