Cookie management - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: Cookie management (/showthread.php?tid=50347) |
Cookie management - El Forum - 03-23-2012 [eluser]John Murowaniecki[/eluser] Today we've received a feedback from a client relating an issue about admin login.. ..Well, the system is very simple: - first we create some session tokens and use them as field names on our login form; - then if you load the page you'll have your tokens saved on your session and these are the same that we've created before - they aren't change (except if you load the login form again); - we have basicly two methods on this controller: login() and auth(). Login: generate tokens and displays the form. Auth : retrieve form posting and perform the user authentication based on the previously generated tokens on login() ..Well, this is my code isn't important.. Code: $j_code = $is_working = TRUE; ..And everything is working fine except the session: they're not setting tokens (for sure: my table `ci_sessions.user_data` is empty). So we run to my firebird resource inspector to see my cookies and they exist, but the user_data is also empty. So this is the question: What is happening here? The cookie exists, the session is setted but the user_data is empty. Our config.php has this configuration.. Code: $config['cookie_domain'] = "$_SERVER[SERVER_NAME]"; ..And this is the main question: Why? 'cos we don't know. Cookie management - El Forum - 03-23-2012 [eluser]InsiteFX[/eluser] So using setcookie() with a domain value of www.example.com is not correct if www is a host name. If you want to restrict the cookie to a single host, supply the domain parameter as an empty string. Cookie management - El Forum - 03-26-2012 [eluser]John Murowaniecki[/eluser] [quote author="InsiteFX" date="1332517852"]..If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.[/quote] ..Dude, I didn't understand: if I have only one application on my domain and set the $config['domain_name'] to my domain isn't the same that set to an empty string? Both made a cookie with the correct domain. ..But I'm not sure about those configurations - and I need to read more about good pratices with cookies and security ('cos I think this isn't a secure way). Cookie management - El Forum - 03-26-2012 [eluser]InsiteFX[/eluser] And my name is not Dude! Then go to your ./application/config/config.php and set the cookie encryption item! Cookie management - El Forum - 03-27-2012 [eluser]John Murowaniecki[/eluser] ..Sorry, Sir. :cheese: Well.. I must study how best to improve the management of my cookies on codeigniter. Whatever, though to be functioning properly I believe it has something unusual .. And it's not paranoia. But thank you for your help. Cookie management - El Forum - 06-12-2012 [eluser]kichik[/eluser] Hi my session not work with firebird database... User_data not write. I installed database driver Carlos. When i open my web page session created, after write login and password, and last send user_data logged = TRUE; but after f5, my user_data erased... Cookie management - El Forum - 06-13-2012 [eluser]InsiteFX[/eluser] Check to see if it is updating the ci_session table in your database. Cookie management - El Forum - 06-13-2012 [eluser]kichik[/eluser] After auth USER_DATA write in databse, but after f5 USER_DATA erased. Errors NOT displayed, logged, dumped. |