Sessions expiring after browser closes

[eluser]mattpointblank[/eluser]
Hi all.

Sorry - I know this topic comes up a lot, but I couldn't find any solutions in past threads.

I'm using the EckoSession library to store sessions in the database, but I don't think this is the problem. My config.php includes this code:

Code:

$config['sess_expiration']        = 1296000; // 15 days
$config['sess_encrypt_cookie']    = FALSE;

However, when I close my browser, the session information is forgotten.

I've seen people recommending how to set a cookie, but honestly, I'm unable to see how to make this work with my application. I wrote my own user authentication functions, but I don't really see how I can set a cookie and then automatically log a user in once they visit my site a second time after the cookie is set - isn't that what the sess_expiration config item is meant to do?!

Matt

[eluser]Zeeshan Rasool[/eluser]
What is value for

Code:

$config['sess_time_to_update']     = 7200;

[eluser]mattpointblank[/eluser]
It's set to 300.

[eluser]mattpointblank[/eluser]
Anybody?

[eluser]AgentPhoenix[/eluser]
I built my own authentication library for my application and am using cookies to do an auto-login feature. It's actually pretty easy.

When the login method fires, there's an option to set a cookie so the site remembers the user. If that option is set, I set a cookie with their email address and password (the items required for them to login). Now, they've got a cookie set on their computer that can be used later on.

Say they close their browser and come back a few hours later. When they get to the site, the constructor has a call to a method in the library that checks to see if they're logged in. If they aren't logged in, it checks for the cookie to see if it should try an autologin. If there is a cookie, it pulls the email address and password out of the cookie and feeds it to the login method (which in turn sets session variables, etc.). If the cookie doesn't exist, it kicks them over to the login page.

That's pretty much it.

[eluser]Zeeshan Rasool[/eluser]
i think 300 means few mints so may be when you close you browser in few mints then cookies creates another id and your session lost.
extend it to 7000 and try again

[eluser]mattpointblank[/eluser]
[quote author="AgentPhoenix" date="1257811544"]When they get to the site, the constructor has a call to a method in the library that checks to see if they're logged in.[/quote]

This is the part I can't get my head round - how are you calling that method when someone loads your site?

[eluser]visormatt[/eluser]
If you take a look at the sessions class documentation if you are loading it in your index() or controller function like the below line

$this->load->library('session');

then it is set to run automatically -> hence creating the session and maintaining from this point forward -> until you choose to destroy the session or the $config['sess_time_to_update'] has expired.

Another possibly is that your browser(s) are set to clear cookies when being closed or maybe just clearing browser history both of which may remove the cookies you have stored. Try setting the sess_time_to_update to 0 (no time limit) and then users will have the cookie stored until they have in some manner removed the cookie as mentioned above.

[eluser]AgentPhoenix[/eluser]
[quote author="mattpointblank" date="1257814818"][quote author="AgentPhoenix" date="1257811544"]When they get to the site, the constructor has a call to a method in the library that checks to see if they're logged in.[/quote]

This is the part I can't get my head round - how are you calling that method when someone loads your site?[/quote]

In my constructor, I have a line of code that checks whether or not a user is logged in. The constructor looks like this (non-relevant parts removed):

Code:

function Main_base()
{
    parent::Controller();
    
    ...
    
    /* check to see if they are logged in */
    $this->auth->is_logged_in();

    ...
}

Then, in my authentication library, I have a method called is_logged_in that looks like this:

Code:

function is_logged_in($redirect = FALSE)
{
    /* get an instance of CI */
    $this->ci =& get_instance();
    
    if ($this->ci->session->userdata('player_id') === FALSE)
    {
        $auto = $this->_autologin();
        
        if ($auto !== FALSE)
        { /* if the autologin was successful */
            return TRUE;
        }
        
        if ($redirect === TRUE)
        {
            redirect('login/index/error/1');
        }
        else
        {
            return FALSE;
        }
    }
    
    return TRUE;
}

As you can see here, if the user isn't logged it, in tries to do an autologin through the following private method:

Code:

function _autologin()
{
    /* get an instance of CI */
    $this->ci =& get_instance();
    
    /* load the resources */
    $this->ci->load->model('system_model', 'sys');
    
    /* load the CI resources */
    $this->ci->load->helper('cookie');
    
    /* grab unique identifier */
    $uid = $this->ci->sys->get_uid();
    
    /* get the cookie */
    $cookie = get_cookie($uid, TRUE);
    
    if ($cookie !== FALSE)
    {
        $login = $this->login($cookie['email'], $cookie['password']);
        
        return $login;
    }
    
    return FALSE;
}

From here, I simply pull the system unique ID (which is how the cookie is named) and then pass the email and password parameters to the login method which then check those values against what's in the database and goes from there.

[eluser]mattpointblank[/eluser]
Thanks guys - I ended up using Hooks to run a cookie check when the controllers load, and if it exists, I repopulated the session userdata. Annoying that it doesn't just work as it's supposed to, but that's life.