Which session library to use? Any suggestions?

[eluser]mrbinky3000[/eluser]
So, to recreate.

- Grab CI, install it
- Grab dx_auth, install it.
- Config both
- Log in with Firefox. No problems.
- Try and login using IE. No go.

I did the obvious debugs:
- checked on other computers to make sure it wasn't just my computer, got on IM and asked friends to check it out. Others using IE could not log in.
- I wrote a one-off php script outside of the CI environment that simply sets a cookie and provides a link to another script that reads said cookie. IE got the cookie just fine.
- I wrote a simple controller to set a session var via CI sessions. It did not work. Hmm, so it isn't likely to be dx_auth. Cookie never appeared.
NOTE: I suppose I can try a fresh install of CI without DX auth and see what's up. Will try that in the future.
- Double and triple checked the cookie settings in application/config/config.php I used the same settings to set the cookie in my one-off script. Settings are not the problem.

Resolution:
Switched out CI's session class with one that uses native php session functions. Problem went away.

What does this tell me:
- Did I configure something wrong? Perhaps, though I really doubt it.
- Is it dx_auth's fault. Perhaps, but dx_auth works fine with a differentt session class.
- Is there something wrong with the server? Perhaps. But unfortunately, I did not set it up and changing the server is not an option for one of the two clients. And even if it is the server's fault, that shouldn't matter in this case.

Regardless of whether or not it's the server's fault, my fault, the browser's fault... I'm convinced more than ever that CI sessions are not necessary. Other people have already provided helpful replies stating that they don't use CI sessions because native sessions are more convenient. I agree but also argue they are also more reliable.

I realize that no one is forcing me to do anything. I'm just trying to help people having similar problems with sessions from wasting two days hunting down bugs and arguing with unhelpful people like yourself.

So theres all the reproduction info, mainly for others to read. I am unsubscribing from this thread. I will continue to monitor the other thread that I started.

http://ellislab.com/forums/viewthread/135722/

jedd, if you wish to continue your personal attacks, please just PM me and stop polluting both these threads with unhelpful replies. I wish I had the ability to delete your unhelpful comments.

[eluser]guidorossi[/eluser]
How can I implement the "remember me" checkbox that most sites have using CI Sessions? because if the checkbox isn't checked I need to destroy the session when the browser is closed, but I can't do this (or I don't know how) with CI Sessions.

[eluser]Jonathan Angel[/eluser]
For those looking for a fix, I have resolved my problem:

I took a few minutes to diagnose the same problems described with CI Sessions and DX Auth.

First, I synchronized both server and client time (both where wrong). Temporarily the problem subsided; however, it mysteriously stopped storing the session. So.. I checked the database and no session or login attempt was being recorded.

Second, I began reading this and other discussions and found that by removing the underscore (_) in the CI config.php file, the problem was resolved.

Original:

Code:

$config['sess_cookie_name'] = 'ci_session';

Modification:

Code:

$config['sess_cookie_name'] = 'cisession';

I no longer have a problem with sessions in IE8 on WinXP.

For those that attempt to resolve their problem using these methods, please post your results, good or bad. By the way... uber-fan of CI.

[eluser]n0xie[/eluser]
*ahum*
[quote author="n0xie" date="1258664219"]simply removing the underscore in the cookie name comes a long way.[/quote]

[eluser]jedd[/eluser]
[quote author="n0xie" date="1260296657"]*ahum*[/quote]

Don't worry n0xie - I've already defended your good name (and suggestions), albeit by proxy, at this [url="/forums/viewthread/135722/#675688"]other, remarkably similar, thread[/url].

I see that mrbinky isn't around anymore - originally I assumed he'd just set it to ignore my posts, but there's been plenty of other activity (advice, help, dare I say solutions) posted in the threads he was active in. Perhaps he became enlightened.

It's a real shame that the cathartic value of a really good 'I told you so' is now just so under-rated, and indeed bordering on socially unacceptable. I think that's because the majority of people are now likely to be recipients, rather than deliverers, of a hearty 'I told you so'. Obviously it was different when the ratio was in our favour. The [url="http://en.wikipedia.org/wiki/Eternal_September"]eternal September[/url], and all that. Oh well, on with the dumbening.

[eluser]n0xie[/eluser]
While the I'm not one the back away from a well deserved 'I told you so', the point of my whole argument was to push the unknowing in the right direction, lets they learn something new. I'm not entirely sure I succeeded ;-)

[eluser]RobertSall[/eluser]
I've launched a site which got pretty many users at the moment, but some users complains on autologout and some can't login sometimes. I'm not sure which browsers they are using but at least one use IE. I don't want to update the files right now so the users wont see any errors or such. I removed the underscore in the config file for the session name, do you think this will solve my problem?

Thanks.

[eluser]jedd[/eluser]
[quote author="RobertSall" date="1263262514"]
've launched a site which got pretty many users at the moment, but some users complains on autologout and some can't login sometimes. I'm not sure which browsers they are using but at least one use IE. I don't want to update the files right now so the users wont see any errors or such. I removed the underscore in the config file for the session name, do you think this will solve my problem?
[/quote]

That's a pretty big question. 'Can't login sometimes' is a touch vague, and doesn't necessarily equate to cookie timeout or underscore problems.

It'd be nice to know what version of IE they're using (IE6 is bordering on criminally evil, f.e., and its behaviour simply can't be predicted) - and any other funky stuff going on at the app end.

[eluser]RobertSall[/eluser]
[quote author="jedd" date="1263264801"][quote author="RobertSall" date="1263262514"]
've launched a site which got pretty many users at the moment, but some users complains on autologout and some can't login sometimes. I'm not sure which browsers they are using but at least one use IE. I don't want to update the files right now so the users wont see any errors or such. I removed the underscore in the config file for the session name, do you think this will solve my problem?
[/quote]

That's a pretty big question. 'Can't login sometimes' is a touch vague, and doesn't necessarily equate to cookie timeout or underscore problems.

It'd be nice to know what version of IE they're using (IE6 is bordering on criminally evil, f.e., and its behaviour simply can't be predicted) - and any other funky stuff going on at the app end.[/quote]

Yea well that's all I know, they get logged out randomly. I don't think they're using IE 6 since it's almost dead now? It's hard for me to show you the code cuz it's alot, the code adding sessions looks like this:

Code:

$this->session->set_userdata('user', $loginOK["user_id"] );
                $this->session->set_userdata('groupname', $loginOK["group_name"] );
                redirect('users');

The code that check the sessions looks like this

Code:

$user = $this->session->userdata('user');
        if ( ! empty ( $user ) )
        {
            define('USERID', $user);
            $this->load->model('User_model','User',true);
            $user = $this->User->findSingle(USERID);
            define('USERNAME', $user["username"] );
            define('USERSHOWS', $user["shows"] );
        }
        
        // vilken användargrupp man tillhör
        $group = $this->session->userdata('groupname');
        if ( ! empty ( $group ) )
            define('GROUP', $group);

I had an underscore in the "groupname" session before but removed that aswell. Is there anything else I should think of that might cause the "random logout" issue?

[eluser]jedd[/eluser]
What's your $config['sess_cookie_name'] = 'cisession'; set to?

[quote author="RobertSall" date="1263265204"]
I don't think they're using IE 6 since it's almost dead now?
[/quote]

You'd hope / think so, but talking to a web master a couple of days ago and he reckoned they get about 5-10% of hits from IE6. And they run a fairly techy web site, so the 'real' numbers might be higher. It's pretty disturbing no matter which way you look at it.


Oh yeah - underscores in your hostname?

Time is set pretty accurately on the host?