Welcome Guest, Not a member yet? Register   Sign In
[SOLVED: USER ERROR] CI3 sess_time_to_update and flashdata
#1

(This post was last modified: 10-20-2015, 10:03 AM by henesnarfel. Edit Reason: solved my issue which was user error )

I'm using FILES session and I'm working on an application where I'm using userdata and flashdata to keep the data stored in across page loads so that if the user navigates away from the app they lose their session.  Each page load with the app saves the flashdata for future use while the userdata is of course preserved.

Whats happening though is that if the user is interacting with the app and is doing everything that keeps the flashdata active their session gets refreshed by the sess_time_to_update and loses their session.  I've got it set to 300.  So after those 300 seconds a new session id is generated and the userdata and the flashdata is lost even though the user is still inside my app.

Should this be wiping out my userdata and flashdata or should it carry across the with the new session id creation?

below is my config setup

$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 1800;
$config['sess_save_path'] = 'sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
Reply
#2

Hi,

Firstly, I am no expert with flash data and sessions, however I believe flash data is intimately related to session data. If your session expires I would fully expect the flash data to as well.

300 seconds is 5 hours. Are people really using your web app for 5 hours? And you are keeping them logged in with flash data for that long? Sounds like that might not be the best way to do that.

However, to prevent it you could set the sess_time_to_update to 0, so sessions are not updated at all. Would that help?

Best wishes,

Paul
Reply
#3

300 seconds are 5 minutes, not 5 hours.
Reply
#4

The only reason I'm using the 300 seconds is because that was the default as well as from what I understand even when the session ID is updated the session data is supposed to carry over. Also from what I understand is that it is more secure this way.

Is there any downside to setting sess_time_to_update to 0.
Reply
#5

(10-09-2015, 02:32 AM)Narf Wrote: 300 seconds are 5 minutes, not 5 hours.

Ah. Yes. Oops.
Reply
#6

I've done some more testing.  I'm using fresh install of CI 3.0.2 with WAMP Apache 2.4.9, PHP 5.5.12, MySQL 5.6.17.  At the bottom are steps to produce what I'm seeing


I'm able to use database sessions with the sess_time_to_update set 10 seconds with no problems.  All session data including flashdata(if I use keep_flashdata) carries over to the next session ID when refreshing the page.  But when using files I cannot keep any session data at all using any amount of time other than 0.  

I've attached screenshots of errors I'm getting that may be causing the issue with files.  I'm getting an fopen error when it tries to create the initial session file.  If I keep refreshing I get a touch error until the 10 seconds are up then I get the fopen error again when it tries to create the new session ID file.  Upon that creation of the next session ID file is when it loses ALL session data.

So I'm assuming there is a bug in the Session library when dealing with Files sessions.  Can anyone else either confirm or set me straight?


  1. create fresh install of CI 3.0.2
  2. autoload session library
  3. set session to files and choose location of file saving
  4. set sess_time_to_update to 10 seconds
  5. in welcome controller add the following to index function
  6.       print_r($this->session->all_userdata());
          print_r($this->session->flashdata());
          $this->session->keep_flashdata("testflash");
  7. in another controller of your choice(I'll call it setsession) enter the following into index function
  8.       $this->session->set_userdata(array("test"=>"testing"));
          $this->session->set_flashdata(array("testflash"=>"testing"));
  9. load welcome controller.  There should be no data other than array with __ci_last_regenerate set
  10. load setsession controller.  nothing will display
  11. load welcome controller again array should now contain userdata with key "test" and flashdata with key "testflash
  12. keep reloading welcome controller and wait for __ci_last_regenerate to change.  Once it changes reload controller one last time.  Session data will be lost.
  13. Repeat steps 9-12 with database session and session data will not be lost.


Attached Files Thumbnail(s)
       
Reply
#7

OK I'm an idiot. Dodgy

I misread the config for the files session setup. For some reason I got how absolute and relative links work backwards. I didn't have the full absolute link from root of my server set. I had it set relatively. I've changed my config and I no longer have issues using the file sessions.

Sorry for all the trouble.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB