Login

michaelh99 · 03-18-2016, 05:04 PM

My apologies if this is covered somewhere else. A googling and search here came up with too many unrelated hits.

I've got an issue where session data comes back from the dead.

I'm using 3.0.5 with file based sessions and saving the fact when a user logs out by unsetting a session variable.

I've added all sorts of logging and can clearly see that the session var is cleared and right after the next redirect, the variable is set again to what it used to be.

Is there something I've missed? Forcing the persistence before a redirect?

One other detail...

If I delete all the session files, things work as expected for about 3 iterations (of log in log out) and then stops working again.

**InsiteFX** · 03-19-2016, 04:21 AM

Did you use this?

$this->session->sess_destroy();

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )

michaelh99 · 03-19-2016, 09:27 AM

No, I didn't want to destroy all the session data but just one variable. I'm using

$this->CI->session->unset_userdata('name');

michaelh99 · 03-19-2016, 11:46 AM

It looks like this was caused by not setting my cookie domain and/or prefix for my local development site, which explains why I only had this problem locally.

I had them both as blank.

So far things seem to be working as expected after setting them to non-blank values and different from the live site

michaelh99 · 03-19-2016, 12:49 PM

I don't know when a moderator will approve my replies but it looks like I was wrong about this working. It looks like if the session is old enough, variables still come back from the dead.

At the moment my theory is that it's related to the session sess_time_to_update setting (300) but that's a guess on my part.

arma7x · 03-19-2016, 02:19 PM

Does your $config['base_url'] is empty or filled incorrectly ?

Keep calm.

michaelh99 · 03-19-2016, 02:33 PM

It's filled in correctly...

$config['base_url'] = 'http://netsuke.danceminder.com/';

which resolves to my local test server

I'm also wondering if there's a collision with my cookie name on the live server. I'm making that unique too.

arma7x · 03-19-2016, 02:44 PM

Maybe you should dump session data before & after. Make sure the item you unset is exist/valid

Keep calm.

michaelh99 · 03-20-2016, 02:25 PM

That's what I was doing in this step "I've added all sorts of logging and can clearly see that the session var is cleared and right after the next redirect, the variable is set again to what it used to be." in my original post.

It looks like it was a combination of cookie errors.

after making sure that the cookie prefixes were set for the local server and using a unique prefix per test environment and having the sessions be destroyed on regeneration and clearing all the old cookies out of my browser, everything seems to be working now

arma7x · 03-20-2016, 02:36 PM

Did you working on subdomain? What is your storage driver?

Keep calm.