CodeIgniter Forums
Codeigniter duplicate session issue - Printable Version




Codeigniter duplicate session issue - kinje - 10-17-2017

I have an application built with CodeIgniter using the Session class and storing session data in a database. But when I log in to the system with a different user and a different computer and browser, I wonder why all users have the same session data as the first login into the system.


SESSION CONFIGURATION

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 600;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 30;
$config['sess_regenerate_destroy'] = TRUE;

I attached a database file.
Please, I need help.


RE: Codeigniter duplicate session issue - InsiteFX - 10-18-2017

There is something wrong with your login code. You would need to post
some of your code here, so that we can see what you're doing wrong.


RE: Codeigniter duplicate session issue - kinje - 10-18-2017

(10-18-2017, 04:11 AM)InsiteFX Wrote: There is something wrong with your login code. You would need to post
some of your code here, so that we can see what you're doing wrong.

LOGIN MODEL

Code:
public function login($email, $pass, $remember = FALSE) {

       // Remove cookies first
       $cookie = array(
           'name' => 'user',
           'value' => '',
           'expire' => time() - 3600,
           'path' => '/',
       );

       $this->CI->input->set_cookie($cookie);


       /*
        *
        * User Verification
        *
        * Removed or !ctype_alnum($pass) from the IF statement
        * It was causing issues with special characters in passwords
        * and returning FALSE even if the password matches.
        */
       if (!valid_email($email) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max']) {
           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }


       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);
       $row = $query->row();

       // only email found and login attempts exceeded
       if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && !$this->update_login_attempts($row->email)) {

           $this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
           return FALSE;
       }

       //recaptcha login_attempts check
       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);
       $row = $query->row();
       if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']) {
           $reCAPTCHA_cookie = array(
               'name' => 'reCAPTCHA',
               'value' => 'true',
               'expire' => time() + 7200,
               'path' => '/',
           );
           $this->CI->input->set_cookie($reCAPTCHA_cookie);
       }

       // if user is not verified
       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->where('banned', 1);
       $query = $this->CI->db->where('verification_code !=', '');
       $query = $this->CI->db->get($this->config_vars['users']);

       if ($query->num_rows() > 0) {
           $this->error($this->CI->lang->line('aauth_error_account_not_verified'));
           return FALSE;
       }

       // to find user id, create sessions and cookies
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);

       if ($query->num_rows() == 0) {
           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }

       $user_id = $query->row()->id;

       $query = null;
       $query = $this->CI->db->where('email', $email);

       // Database stores the hashed password
       $passwd = $this->hash_password($pass, $user_id);
       $query = $this->CI->db->where('pass', $passwd);
       //$query = $this->CI->db->where('pass', $this->hash_password($pass, $user_id));
       $query = $this->CI->db->where('banned', 0);

       $query = $this->CI->db->get($this->config_vars['users']);

       $row = $query->row();
       if ($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') {
           $reCaptcha = new ReCaptcha($this->config_vars['recaptcha_secret']);
           $resp = $reCaptcha->verifyResponse($this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response"));

           if (!$resp->success) {
               $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
               return FALSE;
           }
       }

       // if email and pass matches and not banned
       if ($query->num_rows() > 0) {

           // If email and pass matches
           // create session
           //get user_group
           $group = $this->get_user_groups($row->id);
           $mygroup = $group[0]->group_name;
           $data = array(
               'user_id' => $row->id,
               'firstname' => $row->firstname,
               'lastname' => $row->lastname,
               'phone' => $row->phone,
               'email' => $row->email,
               'centre_id' => $row->centre_id,
               'zone_id' => $row->zone_id,
               'mygroup' => $mygroup,
               'loggedin' => TRUE
           );

           $this->CI->session->set_userdata($data);

           // if remember selected
           if ($remember) {
               $expire = $this->config_vars['remember'];
               $today = date("Y-m-d");
               $remember_date = date("Y-m-d", strtotime($today . $expire));
               $random_string = random_string('alnum', 16);
               $this->update_remember($row->id, $random_string, $remember_date);

               $cookie = array(
                   'name' => 'user',
                   'value' => $row->id . "-" . $random_string,
                   'expire' => time() + 99 * 999 * 999,
                   'path' => '/',
               );

               $this->CI->input->set_cookie($cookie);
           }

           $reCAPTCHA_cookie = array(
               'name' => 'reCAPTCHA',
               'value' => 'false',
               'expire' => time() - 3600,
               'path' => '/',
           );
           $this->CI->input->set_cookie($reCAPTCHA_cookie);

           // update last login
           $this->update_last_login($row->id);
           $this->update_activity();
           $this->reset_login_attempts($row->id);

           return TRUE;
       }
       // if not matches
       else {

           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }
   }

LOGIN CONTROLLER
Code:
   function authentication() {
       $email = $this->input->post('email');
       $password = $this->input->post('password');
       $login = $this->aauth->login($email, $password);
       if ($login):

           redirect('dashboard/');
       else:
           $data['msg'] = $this->aauth->get_errors_array();
           $this->load->view('auth/login', $data);
       endif;
   }



RE: Codeigniter duplicate session issue - InsiteFX - 10-19-2017

For one I would refactor your code and move a lot of it to a library.

You did not show your logout method, so this would be the way to do it.

PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array(
    'username',
    'firstname',
    'lastname',
    'phone',
    'email',
    'centre_id',
    'zone_id',
    'mygroup',
    'loggedin'
);

$this->session->unset_userdata($array_items);

// Destroying the session should be the last call.
$this->session->sess_destroy();

Try that in your logout method and see if it will work.
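
To check whether two clients really present the same session ID, and to give each successful login its own ID, the posted controller can be extended as below. This is an added example, not code from the thread or from the poster's aauth library; it assumes CodeIgniter 3 with `$this->aauth` already loaded as in the posted controller, and the `sid_tag()` helper, the `whoami()` method and the `auth/login` redirect route are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes CodeIgniter 3 with the
// aauth library already loaded; sid_tag() and whoami() are hypothetical names.
class Auth extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
    }

    // Short, non-reversible tag for the current session ID, safe to log.
    private function sid_tag() {
        return substr(hash('sha256', session_id()), 0, 12);
    }

    public function authentication() {
        $email = $this->input->post('email');
        if (!$this->aauth->login($email, $this->input->post('password'))) {
            $data['msg'] = $this->aauth->get_errors_array();
            return $this->load->view('auth/login', $data);
        }
        // Issue a fresh session ID for the authenticated user and delete the
        // pre-login row, so the ID the browser held before login is dead.
        $this->session->sess_regenerate(TRUE);
        log_message('debug', sprintf('login user_id=%d sid=%s ip=%s',
            $this->session->userdata('user_id'), $this->sid_tag(),
            $this->input->ip_address()));
        redirect('dashboard/');
    }

    // Diagnostic: open from each browser. Two clients reporting the same
    // sid tag are presenting the same cookie value. no-store keeps any
    // intermediary cache from replaying one client's response to another.
    public function whoami() {
        $this->output
            ->set_content_type('application/json')
            ->set_header('Cache-Control: no-store')
            ->set_output(json_encode(array(
                'sid'     => $this->sid_tag(),
                'user_id' => $this->session->userdata('user_id'),
            )));
    }

    public function logout() {
        $this->session->sess_destroy();
        redirect('auth/login'); // assumed route for the login form
    }
}
```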


RE: Codeigniter duplicate session issue - kinje - 10-19-2017


ok let me try it


RE: Codeigniter duplicate session issue - kinje - 10-19-2017

Still the same problems


RE: Codeigniter duplicate session issue - InsiteFX - 10-19-2017

I can not message you back because you have Private Messages turned on in your profile.