Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming AJAX and CI Session (v1.7) w/DB
AJAX and CI Session (v1.7) w/DB
  • El Forum
    Guest
  •  
#11
01-29-2009, 05:07 PM

[eluser]Padraig Kennedy[/eluser]
Here is the bug report that I filed — keep an eye on this, I guess, for a fix from EllisLab.

One approach to fixing this would be to insert a new record, when regenerating the session ID, instead of updating the old record. As soon as a subsequent request was received using the new session ID, the old one could be removed. This would allow the session update mechanism to continue to work as intended (regenerating the session ID often) but it would also accommodate parallel requests.
  • El Forum
    Guest
  •  
#12
01-29-2009, 05:19 PM

[eluser]waspfactoryuk[/eluser]
[quote author="Padraig Kennedy" date="1233292034"]As soon as a subsequent request was received using the new session ID, the old one could be removed.[/quote]
You'd need to track the old session id in the new record so you knew what you were meant to be deleting but duplicating the session on the database and cleaning up later could be a nice approach.
  • El Forum
    Guest
  •  
#13
01-29-2009, 05:45 PM

[eluser]Padraig Kennedy[/eluser]
[quote author="waspfactoryuk" date="1233292775"][quote author="Padraig Kennedy" date="1233292034"]As soon as a subsequent request was received using the new session ID, the old one could be removed.[/quote]
You'd need to track the old session id in the new record so you knew what you were meant to be deleting but duplicating the session on the database and cleaning up later could be a nice approach.[/quote]

Yeah, we'd need a new column for that I think. We'd also need to think carefully about any requests that would change session variables in between that switch over.

The process:

1) A request arrives as the sess_time_to_update is exceeded.
2) A new session ID, "N" is generated, stored to the database and returned to the browser in a cookie. The old record, "O" is tagged for retirement.
3) Any subsequent requests from the "O" session would be processed (however an "N" cookie would be returned each time).
4) As soon as a request from the "N" session arrived, "N" would switch to being the primary session ID: The user state data from "O" would be transferred over to "N", and "O" would be removed.
  • El Forum
    Guest
  •  
#14
04-08-2009, 04:35 AM

[eluser]Padraig Kennedy[/eluser]
Any new thoughts on this? It's still broken in 1.7.1

PK
  • El Forum
    Guest
  •  
#15
04-08-2009, 05:11 AM

[eluser]davidbehler[/eluser]
I haven't read all the posts as far as I get it, the problem is that the session class updates the session id even though the request is "only" an AJAX request.

A possible solution I just thought of (untested!!) is to add a check to the sess_update() method and only update the session when the request is not done using AJAX using a function similar to this one: http://ellislab.com/forums/viewthread/108967/#549625
  • El Forum
    Guest
  •  
#16
04-08-2009, 07:23 AM

[eluser]drewbee[/eluser]
Yeah. I have completely overloaded the stock CI session class, so this is no longer an issue for me.
  • El Forum
    Guest
  •  
#17
05-13-2009, 03:33 AM

[eluser]mcjimbob[/eluser]
Hi, I'm having the same problem. I'm starting to add bits of AJAX functionality into a couple of websites.

We have a 'Change Details' page and I have developed a little 'username checker' in mootools. It basically does an AJAX request, checking if the username already exists in the system. Should be simple enough I thought.

The problem was that the AJAX requests seemed to log the user out. I'm now assuming I have the same problem with the session id changing on the AJAX request and the parent page is then out of date.

My initial fix was to add this to the constants.php config file

Code:
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');

Then this in the config.php file

Code:
if(IS_AJAX){
    $config['sess_time_to_update']     = 72000;
}else{
    $config['sess_time_to_update']     = 300;
}

I initially thought it was working but it seems to be a false hope! I've tested it with debug code and the config is being set ($config['sess_time_to_update'] = 72000, expiration is 7200) but that doesn't fix it.

Is this a different problem (tearing my hair out over this one!)
  • El Forum
    Guest
  •  
#18
05-13-2009, 07:26 AM

[eluser]drewbee[/eluser]
edit: sorry, that was for another fix Sad lol...

I have commented out the session id regernation line in the session class.

With your above, are you making sure to set the HTTP_X_REQUESTED_WITH via the ajax call? This needs to be manually set for it to be recognized.
  • El Forum
    Guest
  •  
#19
05-13-2009, 08:38 AM

[eluser]mcjimbob[/eluser]
Thanks for the reply.

I checked that the HTTP_X_REQUESTED_WITH was being recognised and indeed it was.

I have now sorted the problem - it was a mixture of a couple of things. One being the above problem, I solved this by recreating the session class, and altering the sess_update() method...

Code:
function sess_update()
    {

        // Check IS_AJAX constant!
          if (IS_AJAX){
            return;
        }
        .....


The other problem with actually elsewhere in my code - I was trying to manually refresh the session on every refresh. I've fixed that as well and it now all seems to work!
  • El Forum
    Guest
  •  
#20
05-14-2009, 03:34 AM

[eluser]WanWizard[/eluser]
It would be simpler to just use the original method, by putting this in your MY_SESSION library:
Code:
/**
* Update an existing session
*
* @access    public
* @return    void
*/
function sess_update()
{
   // skip the session update if this is an AJAX call!
   if ( !IS_AJAX )
   {
       parent::sess_update();
   }
}
This way you don't have to copy the entire function, and run into issues when a new CI version comes with an updated session library.




Theme © iAndrew 2016 - Forum software by © MyBB