Native_session not working correctly
#1

xeron
hi

i'm getting crazy with this session library:

http://codeigniter.com/wiki/Native_session/

it is working, but sometimes when a user is inactive for some minutes and he refreshes the page, he appears to be logged in as another user.
i'm using email addresses as usernames, and when this problem occurs the new username is truncated near the end

i'll try to explain it better:

> user logged in as [email protected]
> user gets inactive
> user is active again, but now logged in as someoneelse@mail

here is my session library: CLICK

first i was using CI 1.5.1 with UserAuth from this thread: http://ellislab.com/forums/viewthread/45880/
after the problem occurred i tried to use native_session from the wiki
i renamed CI_Session to CI_Native_session, to stay compatible with the rest of the code, because i use native_session->flashdata a lot

config.php
Code:
$config['sess_expiration'] = 7200;

login validation on every page:
Code:
if (!$this->userauth->check('',TRUE) || !$this->userauth->loggedin()) redirect('users/login');

admin area:
Code:
$this->userauth->set_allow('@admin');
if (!$this->userauth->check('', TRUE)) {
    redirect();
}

i've just had users who were logged in as admin after this bug occurred, and i don't know where the problem could be :(

please, help me!
#2

Flayra
Is he logged OUT or logged in as another user? There have been some issues with saving data in specific cases, because of the 'session_write_close()' at the end of the session run, but I've never heard of it using another session suddenly - it seems to be an issue with your design, not the library.
#3

xeron
at once he is logged in as another user, and can act as that user with that user's permissions
what could be wrong with my design? the only thing i do with the session is logging in, and checking the login state as posted above %(
#4

xeron
omg, i found some mistakes in my web app:
first of all, the username database field of the remember_me lib was limited to 16 characters, that's because usernames (in my case the email addresses) were truncated when they were idle!

and in the userauth lib, line 176

Code:
// Expire an inactive login
if ( $this->obj->native_session->userdata('loggedin') ) {
    $expire_time = time() - $this->obj->config->item('login_expiration');
    if ( $this->obj->native_session->userdata('last_activity') <=  $expire_time) {
        log_message('debug', "Userauth: check: inactive login, expired");
        $this->logout();
    }
}

the config value "login_expiration" was not defined in the config (it also doesn't exist in the original userauth package)
i changed it to session_expiration

i also switched over to db_session

i hope that this all solves the problem :)
#5

xeron
the problem still exists, users get sessions of other users (different ips/browsers, ip/browser check enabled in db_session class)

same problem as reported in this post: http://ellislab.com/forums/viewthread/45...70/#224590
#6

frenzal
i think i had something silly in my database like a user without email or username, so first time visitors without a cookie ended up logged in as that user
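
The two causes reported in this thread (the 16-character username column that truncated e-mail addresses in post #4, and the user row without a username in post #6), shown as an added example that is not part of any post or of the libraries discussed. The function names, the accounts table and the `substr()` stand-in for a silently truncating column are constructed assumptions.

```php
<?php
// Added example with constructed data; all names here are hypothetical.
const USERNAME_COLUMN_WIDTH = 16; // column width reported in post #4

// Stand-in for a database column that silently cuts values to its width.
function store_in_column(string $value): string
{
    return substr($value, 0, USERNAME_COLUMN_WIDTH);
}

// Constructed accounts table keyed by username (e-mail address).
$accounts = [
    'alice.smith@mail.example' => ['id' => 1, 'role' => 'user'],
    'alice.smith@mail'         => ['id' => 2, 'role' => 'admin'],
    ''                         => ['id' => 3, 'role' => 'user'], // row with no username
];

// Weak restore: trusts whatever identifier comes back, including none at all.
function restore_weak(array $accounts, ?string $stored): ?array
{
    return $accounts[(string) $stored] ?? null; // a missing value becomes ''
}

// Hardened write: refuse identifiers the column cannot hold in full.
function remember_checked(string $username): string
{
    if ($username === '' || strlen($username) > USERNAME_COLUMN_WIDTH) {
        throw new LengthException('identifier is empty or wider than the column');
    }
    return store_in_column($username);
}

// Hardened restore: an absent or empty identifier never maps to an account.
function restore_checked(array $accounts, ?string $stored): ?array
{
    return ($stored === null || $stored === '') ? null : ($accounts[$stored] ?? null);
}

$login  = 'alice.smith@mail.example';
$stored = store_in_column($login);          // truncated copy of the login name
var_dump(restore_weak($accounts, $stored)); // resolves to a different account
var_dump(restore_weak($accounts, null));    // visitor without a cookie gets the blank row
var_dump(restore_checked($accounts, null)); // hardened path stays logged out
try {
    remember_checked($login);
} catch (LengthException $e) {
    echo 'rejected at write time: ', $e->getMessage(), PHP_EOL;
}
```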



