CodeIgniter Forums

Full Version: CI Session being destroyed
I am using CI for a login and session management on a site. For some reason only on the production server, not the development stack, the session data is being altered.

These are abridged versions of my code:


PHP Code:
<?php
class User extends CI_Controller {

   public function login() {
       $this->form_validation->set_rules('username', 'Username', 'required|trim|max_length[16]|xss_clean');
       $this->form_validation->set_rules('password', 'Password', 'required|trim|xss_clean');

       if ($this->form_validation->run() == FALSE) {
           $data['site_title'] = $this->config->item('site_title');
           $this->load->view('view_login');
       } else {
           extract($_POST);
           $user = $this->Model_user->check_login($username, $password);
           //the above model check_login function queries the database and,
           //if a match, returns an array:
           //$userdata = array (
           //  'id'            =>  $result->row(0)->id,
           //  'first_name'    =>  $result->row(0)->first_name,
           //  'last_name'     =>  $result->row(0)->last_name,
           //  'email'         =>  $result->row(0)->email,
           //  'edit'          =>  $result->row(0)->edit,
           //  'logged_in'     =>  1;
           // The array is being returned
           if (!$user) {
               // log-in failed
               $data['site_title'] = $this->config->item('site_title');
               $this->load->view('view_login', $data);
           } else {
               //log in success; proceed to session
               $user['logged_in'] = TRUE;
               $this->session->set_userdata($user);
               //did debugging (see below) here
               redirect('display');
           }
       }
   }// login
}

//abridged version of Controller Display:
class Display extends CI_Controller {

   public function index(){
       //did debugging (see below) here
       if ($this->session->userdata('logged_in')) {
           redirect('display/movies');
       } else {
           $this->load->view('view_login');
       }//if
   }//index
}


 To debug what is happening, I used the following at the above mentioned points in my code:
PHP Code:
           $array = $this->session->all_userdata();
           echo '<pre>';
           print_r($array);
           echo '</pre>';
           die();


 At the end of login the session user data is as it should be:
Code:
userdata at user->login
Array
(
   [session_id] => 0e9a5b9befc7be8cb299f185fcaad4af
   [ip_address] => <an IP address>
   [user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
   [last_activity] => 1431699339
   [user_data] =>
   [id] => 1
   [first_name] => <a first name>
   [last_name] => <a last name>
   [email] => <an e-mail address>
   [edit] => 1
   [logged_in] => 1
)

 However that is not the session data returned at display->index:
Code:
Array
(
   [session_id] => 2e5705108e2082f168cdb6536fbdec17
   [ip_address] => <an IP address equal to the one above>
   [user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
   [last_activity] => 1431699167
   [user_data] =>
)
I have reviewed the documentation for sessions and can tell that the sessions library is set to load through the autoloader.  The sessions section of config.php is untouched with one exception:
Code:
$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

$config['sess_expiration'] was set to 0 for purposes of debugging.

An encryption key is set even though I am not opting to encrypt the cookie.  The mcrypt extension is installed and functioning on the server.


I am really baffled by this and hope someone can provide what to do.

This problem is solved.  After further research I found a very good article for abandoning CodeIgniter session in favour of PHP sessions using a simple library: https://www.moreofless.co.uk/using-nativ...deigniter/

It looks like you are storing your session data in a cookie, which is not very good since users can alter cookie data from within their browser, especially when you're not encrypting the cookie!

Cookies have a limit on how much data they can store (2k). Is it possible you're trying to store too much data?

Are you using ajax much?
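
The last reply raises two concerns about keeping session data in a cookie: the client can edit it, and a cookie has a size limit. The sketch below is an added example, not part of the original thread and not CodeIgniter's session library; it shows how a server can detect an edited cookie with an HMAC and refuse to emit an oversized one. The function names, the key, the sample fields and the 4096-byte budget (the per-cookie size RFC 6265 asks browsers to support) are assumptions for illustration.

```php
<?php
// Added example: integrity-protected cookie payload. All names are hypothetical.
const COOKIE_BUDGET = 4096; // bytes; assumption taken from RFC 6265's minimum

// Serialize the session array and append an HMAC the client cannot recompute.
function seal_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    $cookie  = $payload . '.' . hash_hmac('sha256', $payload, $key);
    if (strlen($cookie) > COOKIE_BUDGET) {
        // Browsers silently drop oversized cookies, which looks like a lost session.
        throw new LengthException('session too large for a cookie');
    }
    return $cookie;
}

// Return the session array, or null if the cookie is malformed or was altered.
function open_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals() compares in constant time to avoid leaking MAC bytes.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data, using field names from the thread's session dump.
$key    = 'constructed-demo-key-not-for-production';
$cookie = seal_session(['id' => 1, 'edit' => 0, 'logged_in' => true], $key);

// Simulate a client that rewrites the payload but has to reuse the old MAC.
[, $mac] = explode('.', $cookie, 2);
$edited  = base64_encode(json_encode(['id' => 1, 'edit' => 1, 'logged_in' => true])) . '.' . $mac;

var_dump(open_session($cookie, $key)); // untouched cookie: session array
var_dump(open_session($edited, $key)); // edited cookie: rejected
```

An HMAC only detects changes; the values stay readable by the client, so anything that must remain private belongs in server-side storage keyed by the session ID.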