CI Session being destroyed - Printable Version

CI Session being destroyed - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6)
+--- Forum: CodeIgniter 2.x (https://forum.codeigniter.com/forumdisplay.php?fid=18)
+--- Thread: CI Session being destroyed (/showthread.php?tid=61775)

CI Session being destroyed - dwlamb - 05-15-2015

I am using CI for a login and session management on a site. For some reason only on the production server, not the development stack, the session data is being altered.

These are abridged versions of my code:

PHP Code:
<?php
class User extends CI_Controller {
    public function login() {
        $this->form_validation->set_rules('username', 'Username', 'required|trim|max_length[16]|xss_clean');
        $this->form_validation->set_rules('password', 'Password', 'required|trim|xss_clean');
        if ($this->form_validation->run() == FALSE)
            {
            $data['site_title']                =$this->config->item('site_title');
            $this->load->view('view_login');
            } 
            else 
            {
                extract($_POST);
                $user = $this->Model_user->check_login($username, $password);
            //the above model check_login function queries the database and, 
            //if a match, returns an array:
            //$userdata = array ( 
            //  'id'            =>  $result->row(0)->id, 
            //  'first_name'    =>  $result->row(0)->first_name,
            //  'last_name'     =>  $result->row(0)->last_name,
            //  'email'         =>  $result->row(0)->email,
            //  'edit'          =>  $result->row(0)->edit,
            //  'logged_in'     =>  1;
            // The array is being returned 
                if (!$user) {
                    // log-in failed
                    $data['site_title']                =$this->config->item('site_title');
                    $this->load->view('view_login', $data);
                } else {
                    //log in success; proceed to session
                    $user['logged_in'] = TRUE;
                    $this->session->set_userdata($user);
                //did debugging (see below) here
                    redirect('display');
                }
            }
    }// login
//abridged version of Controller Display:
class Display extends CI_Controller {

    public function index(){
            //did debugging (see below) here
        if ($this->session->userdata('logged_in')) {
            redirect('display/movies');
        } else {
            $this->load->view('view_login');
        }//if
    }//index 

To debug what is happening, I used the following at the above mentioned points in my code:

PHP Code:
           $array = $this->session->all_userdata();
            echo '<pre>';
            print_r($array);
            echo '</pre>';
            die(); 

At the end of login the session user data is as it should be:

Code:
userdata at user->login

Array

(

    [session_id] => 0e9a5b9befc7be8cb299f185fcaad4af

    [ip_address] => <an IP address>

    [user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36

    [last_activity] => 1431699339

    [user_data] => 

    [id] => 1

    [first_name] => <a first name>

    [last_name] => <a last name>

    [email] => <an e-mail address>

    [edit] => 1

    [logged_in] => 1

)

However that is not the session data returned at display->index:

Code:
Array

(

    [session_id] => 2e5705108e2082f168cdb6536fbdec17

    [ip_address] => <an IP address equal to the one above>

    [user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36

    [last_activity] => 1431699167

    [user_data] => 

)

I have reviewed the documentation for sessions and can tell that the sessions library is set to load through the autoloader. The sessions section of config.php is untouched with one exception:

Code:
$config['sess_cookie_name']     = 'ci_session';

$config['sess_expiration']      = 0;

$config['sess_expire_on_close'] = FALSE;

$config['sess_encrypt_cookie']  = FALSE;

$config['sess_use_database']    = FALSE;

$config['sess_table_name']      = 'ci_sessions';

$config['sess_match_ip']        = FALSE;

$config['sess_match_useragent'] = TRUE;

$config['sess_time_to_update']  = 300;

$config['sess_expiration'] was  set to 0 for purposes of debugging.

An encryption key is set even though I am not opting to encrypt the cookie. The mcrypt extension is installed and functioning on the server.

I am really baffled by this and hope someone can provide what to do.

RE: CI Session being destroyed - dwlamb - 05-16-2015

This problem is solved. After further research I found a very good article for abandoning CodeIgniter session in favour of PHP sessions using a simple library: https://www.moreofless.co.uk/using-native-php-sessions-with-codeigniter/

RE: CI Session being destroyed - CroNiX - 05-16-2015

It looks like you are storing your session data in a cookie, which is not very good since users can alter cookie data from within their browser, especially when you're not encrypting the cookie!

Cookies have a limit on how much data they can store (2k). Is it possible you're trying to store too much data?

Are you using ajax much?