[eluser]slowgary[/eluser]
EDIT - Will someone from EllisLab confirm this bug? Is this resolved in CI2.0? Thanks.
Hi all,
I've read many posts about the session class being faulty and I have to say that for the most part, they're wrong. I do, however, believe there is a real problem with CI Sessions. In a regular, old school web-app you may never see this scenario. These days this is a more common scenario and one that I am currently facing.
Here it is:
"Bob" has been staring at a web application for 6 minutes, which means his very next request will get a new session ID. He clicks a button that initiates TWO ajax requests. The first request hits the server side which runs through the session ID regeneration. The second request which has already left the client with the old session ID, hits the server and causes Bob's session to be destroyed.
And there it is. This problem is not limited to AJAX requests, but any concurrent requests. The most likely examples I could think of are AJAX heavy applications and serving assets through a controller. I've seen a few proposed solutions which disable the sess_update() call for AJAX requests, but as mentioned this problem is not restricted to AJAX.
If you can add any additional info, or prove that this is incorrect or that some config change will solve the issue, please let me know.
Thanks for reading.
