CodeIgniter Forums
How reliable is the FileHandler session driver? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forum-28.html)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forum-30.html)
+--- Thread: How reliable is the FileHandler session driver? (/thread-74131.html)



How reliable is the FileHandler session driver? - angrymongol - 07-26-2019

I am writing a simple app with user authentication. It makes some ajax requests but I am finding out that the session data is being wiped for some reason. The session id in the cookie seems to be correct and the session file in the writable folder seems to persist but after concurrent requests, the data inside seems to be erased except _ci_previous_url. The only time I call session->destroy() is inside my logout handler and the only time this would load is if someone clicked logout but when that happens, the session contains previous url as well as _ci_last_regenerate. 

The session is initialized in my base controller in the initController function as per the docs


Code:
parent::initController($request, $response, $logger);
$this->session = \Config\Services::session();

I have a WebController and a RestController which extend BaseController. WebController serves my template files based on some routing data and the RestController checks if the request isAJAX() and serves rest data. I have Private\PublicController extending the web and rest controllers both. Inside the PrvateController of web, I have the following



Code:
parent::initController($request, $response, $logger);
if ($this->session->LoggedIn != true) {
    header('Location: '.base_url());
    exit;
    die();
}

and inside my PrivateController for rest, I just include an extra variable called redirect which returns an URL if the user is not authenticated. My ajax request watches out for this and redirects. All of them are namespaced so as not to interfere with each other. I am just not sure what is causing the issue and currently digging through the file handler. I will be checking the Session.php file next and will update here if I find anything. 

As a side note, I am using the header location redirect because I cannot seem to get the built in redirect to work properly. The code seem to continue on to execute. I think I need to use filters but this works currently.

TLDR: session data is getting erased inexplicably but _ci_previous_url. When session->destroy() is called, _ci_last_regenerate and _ci_previous_url remains. The session name set in the cookie is correct and the session file in the writable/session folder does persist and regenerated correctly.


RE: How reliable is the FileHandler session driver? - InsiteFX - 07-27-2019

You can always check to see if it is an Ajax request also before destroying the session.

PHP Code:
// Check for AJAX request.
if ($request->isAJAX())
{
 
   session->destroy();




RE: How reliable is the FileHandler session driver? - MGatner - 07-28-2019

CI4 definitely has issue with interwoven AJAX calls. There’s a warning about it in the docs. I’ve never traced it down or pursued options, but it is annoying.


RE: How reliable is the FileHandler session driver? - angrymongol - 07-29-2019

(07-28-2019, 07:58 AM)MGatner Wrote: CI4 definitely has issue with interwoven AJAX calls. There’s a warning about it in the docs. I’ve never traced it down or pursued options, but it is annoying.

Yeah I switched over to the db handler. This intermittent issue is very annoying. The docs had a note about how the session is locking now and shouldnt be disabled but the use case doesn't really apply here since I am writing a bare bones auth system and it can't seem to hold onto session data.


RE: How reliable is the FileHandler session driver? - angrymongol - 07-29-2019

(07-27-2019, 08:04 AM)InsiteFX Wrote: You can always check to see if it is an Ajax request also before destroying the session.

PHP Code:
// Check for AJAX request.
if ($request->isAJAX())
{
 
   session->destroy();


That really isn't the issue. The logout code runs only when someone clicks the logout button and I don't destroy the session anywhere else.

The issue is that my session data is being lost while the file containing the data still exists. This happens with normal page navigations. I would be clicking between pages and it would just log me out.

The peculiar part is that if I call session destroy, the session file is left with the previous url I visited and the time to regenerate the session name. That seems normal. CI uses those for internal functions. Now, when the session is lost inexplicably, only the previous url value is left in the session file. The session regeneration time is no longer there which I think is a CI issue rather than anything I have coded.