• 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Duplicate session id error in database table

#1
Hello!

We're using 3.1.5 with database sessions and we noticed that we would sometimes get the following error in the application logs:

Quote:ERROR - 2017-07-22 15:32:19 --> Query error: Duplicate entry '[session_id]' for key 'PRIMARY' - Invalid query: INSERT INTO `db_session` (`id`, `ip_address`, `timestamp`, `data`) VALUES ('[session_id]', ...)
ERROR - 2017-07-22 15:32:19 --> Severity: Warning --> Unknown: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (db_session) Unknown 0

The system is deployed on a Linode server with CloudFlare enabled. There also doesn't seem to be any recognizable pattern--it just happens randomly.

This is from our config.php:

PHP Code:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'db_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'db_session';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE

And our MySQL database table:

Code:
CREATE TABLE IF NOT EXISTS `db_session` (
 `id` VARCHAR(40) NOT NULL,
`ip_address` VARCHAR(45) NOT NULL,
`timestamp` INT UNSIGNED NOT NULL DEFAULT 0,
`data` BLOB NOT NULL,
PRIMARY KEY (`id`),
INDEX `idx_db_session_timestamp` (`timestamp` ASC))
ENGINE = InnoDB;
 
We found posts suggesting the ip_address should also be a primary key, but this doesn't apply to us since we have sess_match_ip set to FALSE.

Any help would be appreciated.

Thanks!
Reply

#2
In CI 3.1.5 the id column must be varchar(128).

https://codeigniter.com/user_guide/libra...ase-driver
Reply

#3
(07-22-2017, 09:27 AM)natanfelles Wrote: In CI 3.1.5 the id column must be varchar(128).

https://codeigniter.com/user_guide/libra...ase-driver

Thanks natanfelles! We've updated the table:

Code:
mysql> describe db_session;
+------------+------------------+------+-----+---------+-------+
| Field      | Type             | Null | Key | Default | Extra |
+------------+------------------+------+-----+---------+-------+
| id         | varchar(128)     | NO   | PRI | NULL    |       |
| ip_address | varchar(45)      | NO   |     | NULL    |       |
| timestamp  | int(10) unsigned | NO   | MUL | 0       |       |
| data       | blob             | NO   |     | NULL    |       |
+------------+------------------+------+-----+---------+-------+
4 rows in set (0.00 sec)

We'll observe the logs and post an update if the issue is resolved or not.
Reply

#4
Duplicate issue is still happening. We've had 2 new cases so far.

Code:
ERROR - 2017-07-23 00:17:12 --> Query error: Duplicate entry 'aq64m773luqkia96p1h3lniaj1e4ngg6' for key 'PRIMARY' - Invalid query: INSERT INTO `db_session` (`id`, `ip_address`, `timestamp`, `data`) VALUES ('aq64m773luqkia96p1h3lniaj1e4ngg6', '162.158.138.38', 1500740232, '__ci_last_regenerate|i:1500739999;[other_data];')
ERROR - 2017-07-23 00:17:12 --> Severity: Warning --> Unknown: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (db_session) Unknown 0
ERROR - 2017-07-23 00:21:11 --> 404 Page Not Found: Public/img
ERROR - 2017-07-23 00:23:14 --> 404 Page Not Found: Apple-touch-icon-120x120-precomposedpng/index
ERROR - 2017-07-23 00:25:38 --> 404 Page Not Found: Wp-loginphp/index
ERROR - 2017-07-23 00:27:09 --> Query error: Duplicate entry '42de1o9h22dfsbftlgsvmn7ake17p2br' for key 'PRIMARY' - Invalid query: INSERT INTO `db_session` (`id`, `ip_address`, `timestamp`, `data`) VALUES ('42de1o9h22dfsbftlgsvmn7ake17p2br', '162.158.138.44', 1500740829, '__ci_last_regenerate|i:1500740671;[other_data];')
ERROR - 2017-07-23 00:27:09 --> Severity: Warning --> Unknown: Failed to write session data (user). Please verify that the current setting of session.save_path is correct (db_session) Unknown 0
Reply

#5
Not sure, but it seems that this happens when the session id is regenerated.

Investigating how this process happens...

https://github.com/bcit-ci/CodeIgniter/b...driver.php

My question was whether there is any checking whether the new id already exists or not. Maybe the lock check is failing on your server.
Reply

#6
Possible. We have 2 other sites on separate servers with the same set-up as this one, but with fewer users. There's just 1 case of a duplicate session id in one server with relatively fewer users, and 0 cases in the other server with the least number of users.

What can we possibly do to replicate this and/or prevent it from happening?
Reply

#7
I'd check if expired sessions are being properly cleaned, especially if you're running Debian.
Reply

#8
(07-24-2017, 01:21 AM)Narf Wrote: I'd check if expired sessions are being properly cleaned, especially if you're running Debian.

Thanks, Narf. I checked the session table for distinct dates and it doesn't look like we have a problem with expired sessions.

Good news though--we haven't had the duplicate session id issue for the last 3 days. I wanted to observe the site for a few days before I posted this update.

So we added a call to session_write_close() in a function that generates PDF (via TCPDF) and serves it for download. Before we generate the PDF we set a specific variable using session->userdata so I noticed that practically all of the duplicate session id cases had that particular variable in the data part (as seen in application/logs). Then something about what natanfelles said regarding the lock check failing made me wonder if the locks were failing (?) for some users during the PDF generation, that's why we thought of just closing the session altogether right after we set the session variable and before TCPDF gets to work.

We're still not sure if that's what was actually causing the issue and if closing the session was the right move, so we'd appreciate any insights on this. For now, we're just a bit relieved to not see the issue pop out in the logs for a couple of days.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
4 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2017 MyBB Group.