CodeIgniter Forums
Issue Maintaining Logged in State - Printable Version




Issue Maintaining Logged in State - clancey - 10-29-2020

We are encountering a strange situation where accessing pages in one specific area of the site causes the user to get logged out. I have reviewed the code for those pages and they do not touch cookies except to check logged in status. That is necessary as logged in users see a different result from others. Clearing the cache in Chrome does not help but I think it ignores the do not cache headers. The following is sent with every page:

header('Cache-Control: no-cache, no-store, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');

What is more strange is this only happens with Chrome. It does not occur with Firefox or Edge.

If anyone has encountered this, did you find a magic meta tag which resolved it?


RE: Issue Maintaining Logged in State - InsiteFX - 10-30-2020

Without seeing your session code it is hard to try and fix your problem.

This is how you can do it for all web browsers.

PHP Code:
header("Content-Type: application/json");
header("Expires: 0");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false: append this header instead of replacing the previous Cache-Control
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

If the 0 in the Expires header isn't working due to old browsers not understanding it,
you can try setting the date to a time in the past.

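PHP Code:
header("Content-Type: application/json");
// A date in the past marks the response as already expired
header("Expires: Thu, 01 Jan 1970 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
// Second argument false: append this header instead of replacing the previous Cache-Control
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");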



RE: Issue Maintaining Logged in State - clancey - 10-30-2020

I will try these ideas. The problem with Chrome is recent. Possibly since its last update. In further testing with other browsers, the problem cannot be replicated in Firefox, MS Edge or Opera.

I know the site is using a cookie, but all I check is $_SESSION data. In Chrome, that is getting unset, but only in one specific section of the website. As a result, I spent several hours reviewing the code to make sure there was nothing unintentionally destroying the session. As the user navigates, the site confirms that sessions are running and checks the user's status. That only happens once. The only location which destroys sessions is the log off script.

I use a common header file for all pages. That is where the browser is told to not cache. If I do not do that, browsers show pages which reflect the wrong logged in status, but which otherwise function correctly.

I have been using the current system for almost a decade. This is the first time there have been problems. Because of its age I wanted to investigate a new system which holds the promise of being cookie free.


RE: Issue Maintaining Logged in State - InsiteFX - 10-30-2020

You can read this; it may solve your problem.

Session data lost in Chrome only


RE: Issue Maintaining Logged in State - clancey - 10-30-2020

It pointed me in the right direction. The solution was changing the following in the php.ini file:

FROM
session.cookie_samesite="Strict"

TO
session.cookie_samesite="Lax"

I was aiming for greater security. Chrome hated it I guess.
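
The php.ini change described above can also be made at runtime. This is an added example, not code from the thread: it sets the Lax session cookie with the PHP 7.3+ array form of `session_set_cookie_params()` and adds a token check on non-GET requests, because a Lax cookie is still sent on cross-site top-level GET navigations. The function names and the `csrf_token` field are hypothetical, and HTTPS is assumed.

```php
<?php
// Added example, not code from the thread. Requires PHP 7.3+ for the
// array form of session_set_cookie_params().

// Runtime equivalent of session.cookie_samesite="Lax" in php.ini,
// with the other cookie flags set explicitly.
function start_lax_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // also sent on cross-site top-level GET navigations
    ]);
    session_start();
}

// Lax does not cover cross-site GET links, so handlers that change state
// should run only on non-safe methods and verify a per-session token.
function is_safe_method(string $method): bool
{
    return in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true);
}

function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {          // hypothetical session key
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function require_csrf(string $method, $submitted): void
{
    if (is_safe_method($method)) {
        return; // read-only request: nothing to verify
    }
    // is_string() guards against array input such as csrf_token[]=x
    if (!is_string($submitted) || !hash_equals(csrf_token(), $submitted)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

start_lax_session();
require_csrf($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST['csrf_token'] ?? null);
```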


RE: Issue Maintaining Logged in State - InsiteFX - 10-30-2020

Glad you got it working. CodeIgniter 4 uses it also, but it's set to Lax.


RE: Issue Maintaining Logged in State - clancey - 10-30-2020

Interesting. As soon as I am through my next round of projects I am going to start migrating to CI4.

At the moment, completing the migration to bootstrap.css. This was fairly rapid with normal pages and forms, but more challenging with some content as it is created outside CodeIgniter. There is still a little 25-year-old Perl in use. Yikes!

Once complete, I am hoping for performance gains both from CI4 and PHP 8, when it is available in my site ecosystem.


RE: Issue Maintaining Logged in State - InsiteFX - 10-31-2020

When you make the move to CI 4, check out the new views, view cells and layouts.