[eluser]Uto[/eluser]
Hi,
I have a site made with code igniter which has a public and a private zone. Once I determine the login is correct (in login.php controller) I set a session var (user id) and then I redirect to another controller using "header" function.
All the private controllers are of te class MY_Controller, that expands Controller, and on creation they check for that session var, and if it does not exists, they redirect to public page.
Well, this works.. on some computers, and fails in others. Apparently the redirection allways work, but sometimes the session values are missing. After checking in 4 machines I have this results:
1) Windows: works on Firefox. Fails on Explorer, Opera, Chrome and Safari.
2) Windows: works on Firefox, Explorer, Opera and Safari. Chrome hangs up on that PC so I cannot check it.
3) Linux: works on Firefox.
4) Windows: works on Explorer, fails on Firefox.
5) iPhone: works on Safari.
Obviously the question is: how come it works on some PCs and it does not on others?
Notes:
- The server is Windows/ISS.
- The whole site is under https protocol, login page included.
These are fragments of code and config files:
php.ini
Code:
session.save_path="XXXXX" ;<-- here goes a correct path with writing permissions
[Session]
session.save_handler = files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 86400
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
config.php on CI
Code:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
controller login.php code for successful login
Code:
$this->load->library('session');
$this->session->set_userdata('PERSON_ID', $userid);
$url = $siteURL . "/privatehome";
header("Location: $url");
Extended Controller
Code:
class MY_Controller extends Controller {
var $personid;
function MY_Controller()
{
parent::Controller();
$this->load->library('session');
$this->personid = $this->session->userdata('PERSON_ID');
if (($this->personid == FALSE) || ($this->personid=="")) header('Location: ' . SITE_URL . "/login/expired");
}
}
