(03-05-2015, 02:50 PM)Avenirer Wrote: Maybe this is due to the expiration of csrf token?
I don't think so. It happens very randomly, so it happens even if I delete the cookies manually. I have been struggling with this problem for quite some time now, and normally I ignored it, but sometimes my users need 10-15 tries just to connect, which is really annoying.
I thought it had something to do with the CodeIgniter version, because it began to occur on version 3.x.
Currently I'm using release candidate 2.
Maybe it's helpful to say what I tried before:
- renaming the csrf token name and cookie name (tried not to use _ or -, so for example "mycsrfcookie")
- disabled csrf, just to test if this is really the problem: it is
- instead of writing the form with the form helper, I tried something like this:
Code:
<input type="hidden" name="<?php echo $this->security->get_csrf_token_name(); ?>" value="<?php echo $this->security->get_csrf_hash();?>" />
(not working either)
For information, I don't use ajax there.
Maybe it would help if I provide a little piece of code:
login-controller-method:
Code:
[...]
$this->load->library( 'form_validation' );
$this->form_validation->set_rules( $this->user->get_validation_rules() );
if( TRUE === $this->form_validation->run() ) {
    if( TRUE === $this->user->login() ) {
        redirect( base_url( 'dashboard' ) );
    } else {
        $this->session->set_flashdata( 'login_msg', $this->lang->line( 'login_wrong_combi' ) );
        redirect( base_url( 'login' ) );
    }
}
[...]
user-model-method (the controller refers to it by using $this->user):
Code:
public function login()
{
    // Look up the user by lower-cased name
    $user = $this->db->get_where( $this->table, array( 'name' => strtolower( $this->input->post( 'user' ) ) ) )->row();

    // No matching user: row() returned nothing (count() on a non-array is unreliable)
    if( empty( $user ) )
        return false;

    // Verify the submitted password against the stored hash
    if( ! $this->passwordhash->CheckPassword( $this->input->post( 'password' ), $user->password ) )
        return false;

    // The user's role must be defined
    if( false === ( $role = $this->simple_auth->getSA()->getRole( $user->role ) ) )
        show_error( "User role '" . $user->role . "' is not defined!" );

    // Store the login state in the session
    $data = array(
        'id' => $user->id,
        'name' => $user->name,
        'logged_in' => true,
        'role' => $user->role
    );
    $this->session->set_userdata( $data );
    return true;
}
Just a short explanation:
If the user could be validated and verified, he's sent to the "dashboard"; otherwise he's redirected to the login site again.
I thought maybe when I set the session data, it's overriding the cookie, but why should it work sometimes?