-
JayAdra
Matrix Decoder
-
Posts: 123
Threads: 6
Joined: Apr 2015
Reputation:
13
06-26-2016, 11:16 PM
(This post was last modified: 06-26-2016, 11:24 PM by JayAdra.)
Hi,
I've been trying for hours without success to implement a simple session timeout checking script.
I have an AJAX call which runs every X seconds to check if the session has expired. If so, the JS takes them to login screen. Simple enough, but I'm having an issue with checking for an expired session.
The problem is when the request is made, I can see the session cookie expiry is getting extended before the check is made, so it never reads it as "expired". I'm wondering if there's a way to tell CI not to extend/recreate this cookie on a specific request?
I tried not instantiating the session library, but wasn't sure how to check if the session expired then (tried empty($_SESSION) but it wasn't set).
So how can I do this? Check if the session has expired without altering its expiry when I run the check? I feel like there's a simple solution that I'm missing.
Any ideas are greatly appreciated!
Thanks,
Jay.
-
dalcris
Newbie
-
Posts: 4
Threads: 1
Joined: Mar 2016
Reputation:
1
(06-26-2016, 11:16 PM)JayAdra Wrote: Yes, every request (HTTP/Ajax) will update the last_activity row.
1) 1.1. Try check without Ajax request. Simply get (with javascript(JS)) the ci_session cookie from browser, and obtain the last activity timestamp. 1.2 Get the current timestamp (with JS), obtain the difference from current timestamp and last_activity timestamp and compare with session.gc_maxlifetime &/ session.cookie_lifetime. 2) Another solution is to get the last_activity with PHP, save it into a JS valiable and after this follow the step 1.2.
-
skunkbad
Senior Citizen
-
Posts: 1,300
Threads: 63
Joined: Oct 2014
Reputation:
86
Yes, you're going to need to extend the session, because you are right in that a request can extend the expiration.
So block your request:
Code: <?php
defined('BASEPATH') OR exit('No direct script access allowed');
class MY_Session extends CI_Session {
public function __construct(array $params = [])
{
$CI =& get_instance();
if( $CI->input->get('session_checker') == 1 )
return;
parent::__construct($params);
}
// ------------------------------------------------------------------------
}
Then you're probably going to need to be using database sessions, so you can query for the expiration.
-
JayAdra
Matrix Decoder
-
Posts: 123
Threads: 6
Joined: Apr 2015
Reputation:
13
06-27-2016, 05:25 PM
(This post was last modified: 06-27-2016, 05:28 PM by JayAdra.)
(06-27-2016, 07:50 AM)skunkbad Wrote: Yes, you're going to need to extend the session, because you are right in that a request can extend the expiration.
So block your request:
Code: <?php
defined('BASEPATH') OR exit('No direct script access allowed');
class MY_Session extends CI_Session {
public function __construct(array $params = [])
{
$CI =& get_instance();
if( $CI->input->get('session_checker') == 1 )
return;
parent::__construct($params);
}
// ------------------------------------------------------------------------
}
Then you're probably going to need to be using database sessions, so you can query for the expiration.
Makes sense. So there's no way to read the expiration from file sessions?
I did previously try not loading the session library in this AJAX call only, so wouldn't that be achieving the same thing as extending Session class and stopping its init? I think the main problem then is checking the session expiry if I'm using file driver?
-
JayAdra
Matrix Decoder
-
Posts: 123
Threads: 6
Joined: Apr 2015
Reputation:
13
Okay so I played around with some things and managed to make some progress, but still having one minor issue.
Using the files driver, I am able to read the session data using this:
PHP Code: //Get session names
$cookie_name = $this->config->item('sess_cookie_name');
$session_name = get_cookie($cookie_name);
$file_path = $this->config->item('sess_save_path');
$file_name = $cookie_name . $session_name;
$file = $file_path . $file_name;
//Load session data
if($session_name && file_exists($file)) {
$data = file_get_contents($file_path . $file_name);
session_name($cookie_name);
session_start();
session_decode($data);
return true;
}
This manually gets the contents of the session file and loads it into the current session, so I can read it from $_SESSION. This works well, so that in my AJAX call I can check if $_SESSION is empty or doesn't have correct keys set etc.
The only problem is running session_start() manually like this, it is creating a new session file named sess_XXXXX, rather than the usual ci_session_XXXXX. I understand this is the default naming in PHP files driver, and CI files driver sets this manually to avoid conflicts - but my question is how can I get it to use ci_session instead of sess?
Obviously if I load and use the normal CI Session library, it'll do this, but it'll also extend the cookie/session expiry as well, which was my initial problem.
Anyone have any ideas? This isn't a major issue, but it's causing double the session files on the disk unnecessarily.
Thanks!
-
JayAdra
Matrix Decoder
-
Posts: 123
Threads: 6
Joined: Apr 2015
Reputation:
13
Thanks for the help - I'm afraid I'm not understanding what you mean with the response header.
Do you mean to say no ajax calls are necessary to check the sessions expiry? And there's something I can return in the normal page load headers which will automatically send the user to the login page upon timeout?
Not sure I fully understand - I've not heard of the method you're describing?
Thanks!
|
