Session lost AJAX CI 3.x

#1
Hi,

I have a big issue: my site uses AJAX requests heavily, and in those requests we set or get some session variables. We detected that right after we set the session we correctly get the session information, e.g.:

echo $this->session->userdata("uid");
Result: iywgc87123rfvc2345thbvc45tygerfgv;

But if we make an AJAX request after setting the session and print the same variable, we get an error saying that the property is not set... and if we print all the session information, the array is empty.

We are using the files driver, and the sessions are created in files.

We found in other forums that CI 2.x had the same issues with AJAX, and found some classes that extend the Session library, but those libraries do not work for CI 3.x.

This is my config:

$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = sys_get_temp_dir();
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

So, can someone help me please? Does a fix exist for this?
Reply

#2
This has been a long-standing issue with CodeIgniter from what I recall; I remember having these problems in 1.7.X, I believe? From what I've read previously it's down to a race condition, although I'm not sure of the specifics. I've noticed it happens more often when you have regular AJAX requests being made in the background. It is quite a big flaw for an application framework.

Have you tried setting the sessions so they do not expire or rotate the session ID? I've found this helps with the AJAX + sessions issue, although it's not really a good solution, as it's not great from a security perspective to have sessions which never expire at all, regardless of whether the user's browser is still pinging the server in the background or not.

If anyone has better info on this issue and how to work around it, I would also be interested to hear of a better solution.
Reply

#3
When you are SURE that this is not a CSRF issue, then your only option is to not allow AJAX calls to change the session data.

Look at system/libraries/Session/Session.php LINE 145: it would seem this issue is not present anymore. The session only updates on non-AJAX requests. I recall this being solved a long time ago.

Check the network tab in your browser console: what is the reply there?
Reply
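
The rule described in post #3 (the session ID is only rotated on non-AJAX requests), sketched as an added example that is not CodeIgniter's source and not code from any poster. It assumes AJAX requests are recognised by the X-Requested-With header; the function names and the `last_regenerate` key are hypothetical, and the requests are constructed samples.

```php
<?php
// Added illustration, not CodeIgniter source. Models the rule from post #3:
// the session ID is rotated only on non-AJAX requests.

/** Assumption: AJAX is recognised by the X-Requested-With header. */
function is_ajax_request(array $server): bool
{
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

/**
 * Decide whether this request should rotate the session ID.
 * $session is passed by reference so the rotation time can be recorded.
 */
function should_regenerate(array $server, array &$session, int $time_to_update, int $now): bool
{
    if ($time_to_update <= 0 || is_ajax_request($server)) {
        return false;                         // rotation disabled, or AJAX: keep the current ID
    }
    if (!isset($session['last_regenerate'])) {
        $session['last_regenerate'] = $now;   // first request: start the clock
        return false;
    }
    if ($session['last_regenerate'] < $now - $time_to_update) {
        $session['last_regenerate'] = $now;
        return true;                          // a new ID would be issued via Set-Cookie
    }
    return false;
}

// Constructed requests, each arriving 301 s after the last rotation,
// with sess_time_to_update = 300 as in the config from post #1.
$now = 1000000;
$cases = [
    'page load'                  => [],
    'XHR with header'            => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
    'background call, no header' => [],
];
foreach ($cases as $label => $server) {
    $session = ['last_regenerate' => $now - 301];
    $rotate  = should_regenerate($server, $session, 300, $now);
    printf("%-28s rotate=%s\n", $label, $rotate ? 'yes' : 'no');
}
```

Under this rule a background call sent without the header is indistinguishable from a page load and can rotate the ID, so the network tab is the place to confirm that the header is present and whether an AJAX response carries a Set-Cookie for `ci_session`.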

