• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Ci_session Array Not Displaying Properly

#1
Hello, I'm having some issues with sessions on a couple of websites that I manage. The odd part is that I have a few other websites on the same host that are using the same back-end code and they are working just fine. The one thing that I'm noticing between websites is that the HttpOnly shows False on those that aren't working, and True on those that are. All websites are using SSL.

Here is the session array on a non-working one:

Code:
a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d10535309de4fe94cf3ab8f18696b541%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22000.000.000.0004%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A60.0%29+Gecko%2F20100101+Firefox%2F60.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1561497096%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D51b0591e7a6e64db0d7b1690138b3d3d85aff629


I swapped out the IP address for obvious reasons. Here is my session and cookie config:


PHP Code:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

$config['cookie_prefix'   '';
$config['cookie_domain'   '.domain.com';
$config['cookie_path'       '/';
$config['cookie_secure'   TRUE;
$config['cookie_httponly'    FALSE

I swapped the domain name for obvious reasons. I've tried setting cookie_httponly to TRUE and tried setting both httponly and secure to false. I don't know why this is happening on only certain websites despite the host being the same. All websites are using CI 3.1.10.
Reply

#2
Do you have a table named "ci_sessions" in your database?
Does your application autoload the sessions library?
Reply

#3
(06-25-2019, 11:18 PM)Wouter60 Wrote: Do you have a table named "ci_sessions" in your database?
Does your application autoload the sessions library?

Yes, sorry. Forgot to mention that. I have a table ci_sessions with id, ip_address, timestamp, and data fields. I'm also auto-loading the session library. Between working and non-working websites, the only difference is the data going into the database. Structure is exactly the same.
Reply

#4
Are you sure that the table fields are correct? There were two different tables
depending on the CI version.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#5
(06-26-2019, 07:58 AM)InsiteFX Wrote: Are you sure that the table fields are correct? There were two different tables
depending on the CI version.

Yes, I just checked the manual yesterday while looking at the database to make sure the are correct. It's not making into the database due to the way it's showing up in the array. I'm pulling that information directly from the firefox debug menu under storage. Rather than showing just the session ID, it's dumping the whole array for some weird reason.

Edit: So I was looking a bit further into it, and I was trying to log into my user area that I have built on one of the websites and it was giving me some SQL errors. First it wasn't including the table name, despite it being present in the sess_save_path. I added sess_table_name with the appropriate name and that fixed that initial problem, but then it stated that there was an issue after the where clause with the session_id field. I'm not using a field name session_id, nor last_activity, nor user_data. I downloaded a fresh copy of 3.1.10 and that is indeed what it is looking for under system/libraries/Session.php, but I'm not able to find this anywhere in the manual. Even after adjusting the names in Session.php to see what happens, nothing is inserted into the ci_sessions table.

Edit 2: I also tried changing the field names in the table to match what Session.php is looking for and, despite there not being anymore SQL errors, there is still nothing being inserted into the table.

Edit 3: My apologies for this post, it seems I stumbled upon a solution for myself. I'm not sure what changed with the way sessions are handled between versions, but I was able to correct the issue by rolling back to a previous version of CI that I had. I know that is not a good solution due to there being security fixes and stuff in the newer version, but I would like to figure those out. I'll be sure to scour the documentation to see what changed between versions to get everything updated to where I need it. Again, sorry for this!
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.