Welcome Guest, Not a member yet? Register   Sign In
Sessions in Codeigniter gets changed during page load
#1

Hi,

I am currently working on a CodeIgniter (v 3.1.9) project. It has a login page. 

When two different users (A and B) try to login from two different systems at same time, one of the user's session gets modified on loading. 

The loading takes a small amount of time and if the user A gets logged in first, it will be redirected to its own user homepage. Next, when user B completes its login, it will be redirected to user A's homepage which is strange. I also noticed that user B gets user A's session ID here. The same issue happens if the order of user login is changed, i.e if user B gets logged in first. The issue is noticed only when two users click the login button at the same time, otherwise it is fine.

Is it due to a bug related with CodeIgniter. Are there any workarounds to fix this issue?
Reply
#2

It might be a bug, or it might be an implementation issue, or it might be a session and/or cookie configuration issue. Please show the related $config settings and your login code.
Reply
#3

(09-27-2018, 08:46 AM)dave friend Wrote: It might be a bug, or it might be an implementation issue, or it might be a session and/or cookie configuration issue. Please show the related $config settings and your login code.

Hi,

Below is the configration used for my website.

// config.php

--snip--
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = BASEPATH.'sess/cache/';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
--snip--

--snip--
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
--snip--


Below codes are used for creating session and destroying it after login/logout. 

// Create session after login 
 $this->session->set_userdata('employer_id', $data['id']);

// Destory session after logout
 $this->session->unset_userdata('employer_id');
Reply
#4

(09-28-2018, 12:09 AM)gaustinv88 Wrote:
(09-27-2018, 08:46 AM)dave friend Wrote: It might be a bug, or it might be an implementation issue, or it might be a session and/or cookie configuration issue. Please show the related $config settings and your login code.

Hi,

Below is the configration used for my website.

// config.php

--snip--
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = BASEPATH.'sess/cache/';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
--snip--

--snip--
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;
--snip--


Below codes are used for creating session and destroying it after login/logout. 

// Create session after login 
 $this->session->set_userdata('employer_id', $data['id']);

// Destory session after logout
 $this->session->unset_userdata('employer_id');

I don't see any "that's the problem" above, but there are a couple things you could try. First make sure BASEPATH.'sess/cache/' has the proper permissions (700) and user:group (often www-data:www-data or root:root) .

I'm a little suspicious about the location of the session data folder as a subfolder of "system". My preference is to put it on the same level as the public (root) folder. Where the root folder is "htdocs" and the session data folder is "sessions" I set the config like this.

PHP Code:
$config['sess_save_path'] = substr(FCPATH0strpos(FCPATH'htdocs/')) . "sessions/"); 

It might be worth a try.

The other place I've sometimes had trouble is with the cookie_domain where it would not work with an empty string. Try the following.

PHP Code:
config['cookie_domain'] = '.example.com'

Obviously, replace "example.com" with your site's domain.

Hope this helps.
Reply
#5

I have same kind of issues with 3.1.9. I use file storage for sessions. Session files are created successfully but, when reloading the page it gets destroyed. I had to downgrade to 3.1.8 to make it work again.
Reply
#6

I have same problem with sessions and i tried everything to fix it but CI 3.1.9 swap sessions if users click a link at same time
Reply
#7

(10-24-2018, 01:03 AM)gard_olsen Wrote: I have same kind of issues with 3.1.9. I use file storage for sessions. Session files are created successfully but, when reloading the page it gets destroyed. I had to downgrade to 3.1.8 to make it work again.

I'm facing this issue in 3.1.8 as well , 
on live server sesssion works well but on local pc & Project replica  in subfolder on live doesn't work well, 
old session values are retained even after logout in different controllers.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB