CodeIgniter Forums

Full Version: CI session expires rapidly
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

El Forum

Hi all,

I'm using the CI sessionID to store some temporary ajax data in my sql-database.

Though the $config['sess_expiration'] is set to 7200, I unfortunately get a new sessionID every … more or less 4min.

Any suggestions what might cause this?


El Forum

Have you checked your servers configuration for server session timeout?

El Forum

Also check the timezone and time on your server.

IIRC there is a minor quirk in Magento to where if the timezone of the server was set differently of the settings of Magento it would kill the Session really fast or straight out expire it immediately.

El Forum

In your config file look at this line:

$config['sess_time_to_update']     = 300;

300 seconds (5 minutes) is the default. See the user guide at

Quote:A session, as far as CodeIgniter is concerned, is simply an array containing the following information:

The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)

The rest of the session data is maintained, but the sessionID is, by design, regenerated every five minutes. I think that is why you are seeing your sessionID changing "more or less every 4 minutes" ;-)

El Forum

Thanks! THIS IS IT ;-)
Might a change to (as well) 7200 seconds cause any security issues?

El Forum

I think there are good reasons for the session id being regenerated regularly. Derek Allard explains it a bit here, and refers you to this Wikipedia article.

So in general, latching onto the session id as a form of long-term persistent identification is probably not the best way to go.

You could generate your own random number, though, and store it in the session user_data. That would persist for your full 7200 seconds, and then you could leave

$config['sess_time_to_update'] = 300;

in place for security.

Here's one way to do it (there may be others / better):

//Create a unique random token
$token = random_string('unique') . random_string('unique');

//Add token to session user_data
$session_data = array( 'token' => $token );

//Then when you want to read the session user_data
$token = $this->session->userdata('token');

El Forum

In my aplication I'm having the same type of problem...

After the 5 minutes, (or whatever time I put in $config['sess_time_to_update'] ) the session expires and the user is redirected to login screen.

Somehow, it seems that when it regenerates, it's loosing the previous session and the previous session data.

I have these configurations in the config.php file:

$config['sess_cookie_name']    = 'ci_session';
$config['sess_expiration']    = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']    = 'ci_sessions';
$config['sess_match_ip']    = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']  = 300;

How can I make the session to keep the data for 2 hours after the last request from the user ?

El Forum

I've been checking and this only happens when I use the database.

I think it is a bug from the SESSION Class that does not get the previous data from the session.

El Forum

Hi again.

I've come closer to the center of my problem, once again...

I've 6 CI instalations in the following organization:

1 base CI to control logins, passwords change, etc.
other 5 CI's inside of that one where I redirect each user depending on his role in the application.

So I get:

base app:


other apps:


The problem is that the session is created in the base_app. When is that app updating it, it 's all ok!

But when it is the other apps that try to update the session data, it simply looses the session data and comes back to the login screen.

Anyone can help me solving this ? I've been for 2 days searching for this but with no result... the users keep complaining that they are loosing the login just after some clicks...

El Forum

the problem continues... sometimes, the session randomly expires and looses the user data... can anyone help me on this ?
Pages: 1 2