+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Cookie management (/showthread.php?tid=50347)
Cookie management - El Forum - 03-23-2012
[eluser]John Murowaniecki[/eluser]
Today we've received a feedback from a client relating an issue about admin login..
..Well, the system is very simple:
- first we create some session tokens and use them as field names on our login form;
- then if you load the page you'll have your tokens saved on your session and these
are the same that we've created before - they aren't change (except if you load the
login form again);
- we have basicly two methods on this controller: login() and auth().
Login: generate tokens and displays the form.
Auth : retrieve form posting and perform the user authentication based on the
previously generated tokens on login()
..Well, this is my code isn't important..
Code:
$j_code = $is_working = TRUE;..And everything is working fine except the session: they're not setting tokens (for sure: my table `ci_sessions.user_data` is empty). So we run to my firebird resource inspector to see my cookies and they exist, but the user_data is also empty.
So this is the question: What is happening here?
The cookie exists, the session is setted but the user_data is empty.
Our config.php has this configuration..
Code:
$config['cookie_domain'] = "$_SERVER[SERVER_NAME]";..And this is the main question: Why? 'cos we don't know.
Cookie management - El Forum - 03-23-2012
[eluser]InsiteFX[/eluser]
So using setcookie() with a domain value of www.example.com is not correct if www is a host name.
If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.
Cookie management - El Forum - 03-26-2012
[eluser]John Murowaniecki[/eluser]
[quote author="InsiteFX" date="1332517852"]..If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.[/quote]
..Dude, I didn't understand: if I have only one application on my domain and set the $config['domain_name'] to my domain isn't the same that set to an empty string? Both made a cookie with the correct domain.
..But I'm not sure about those configurations - and I need to read more about good pratices with cookies and security ('cos I think this isn't a secure way).
Cookie management - El Forum - 03-26-2012
[eluser]InsiteFX[/eluser]
And my name is not Dude!
Then go to your ./application/config/config.php and set the cookie encryption item!
Cookie management - El Forum - 03-27-2012
[eluser]John Murowaniecki[/eluser]
..Sorry, Sir. :cheese:
Well.. I must study how best to improve the management of my cookies on codeigniter. Whatever, though to be functioning properly I believe it has something unusual .. And it's not paranoia.
But thank you for your help.
Cookie management - El Forum - 06-12-2012
[eluser]kichik[/eluser]
Hi my session not work with firebird database... User_data not write. I installed database driver Carlos. When i open my web page session created, after write login and password, and last send user_data logged = TRUE; but after f5, my user_data erased...
Cookie management - El Forum - 06-13-2012
[eluser]InsiteFX[/eluser]
Check to see if it is updating the ci_session table in your database.
Cookie management - El Forum - 06-13-2012
[eluser]kichik[/eluser]
After auth USER_DATA write in databse, but after f5 USER_DATA erased. Errors NOT displayed, logged, dumped.