Multiple Set-Cookie in header? Session regenerating maybe? |
We have an issue with our simplesamlphp authentication.
I believe the issue is that the session is being regenerated. In the Header I can see the following Code: Set-Cookie: ci_session=1f8a5fc76b261172fc190f8161cbc91ad5901b49; path=/; HttpOnly When does CodeIgniter Set-Cookie multiple times? This is my Cookie at the moment it happens. Code: Cookie: ci_session=1f8a5fc76b261172fc190f8161cbc91ad5901b49 So it looks like it's resetting my cookie and then resetting to a new one? I don't understand what is going on.
(04-20-2017, 04:40 AM)AzaZPPL Wrote: The only thing I could find is our upgrade from CodeIgniter 2 to CodeIgniter 3. LOL That is a big change! Did you follow the upgrade guide? Upgrading from 2.2.x to 3.0.x Step 6 of the guide is about Session library
The session ID lengths are different ... if it was CI_Session setting both, that wouldn't be the case.
(04-20-2017, 04:58 AM)Martin7483 Wrote:I've made sure that I followed all steps. Everything with the session works except for this part.(04-20-2017, 04:40 AM)AzaZPPL Wrote: The only thing I could find is our upgrade from CodeIgniter 2 to CodeIgniter 3. This is the config for session used Code: $config['sess_driver'] = 'database'; (04-20-2017, 05:00 AM)Narf Wrote: The session ID lengths are different ... if it was CI_Session setting both, that wouldn't be the case.I don't undestand what you mean.
Could it have something to do with this: https://github.com/bcit-ci/CodeIgniter/i...-193412960
(04-20-2017, 05:33 AM)AzaZPPL Wrote:(04-20-2017, 04:58 AM)Martin7483 Wrote:I've made sure that I followed all steps. Everything with the session works except for this part.(04-20-2017, 04:40 AM)AzaZPPL Wrote: The only thing I could find is our upgrade from CodeIgniter 2 to CodeIgniter 3. If you followed all the steps, you wouldn't have 3 of these settings. Hint: you aren't even using 2 of them. (04-20-2017, 05:33 AM)AzaZPPL Wrote:(04-20-2017, 05:00 AM)Narf Wrote: The session ID lengths are different ... if it was CI_Session setting both, that wouldn't be the case.I don't undestand what you mean. The first Set-Cookie header sets a 40-character ID - that is sent by CI. The second has a 32-character ID - that is NOT what CI sends; something else is causing it. (04-20-2017, 06:38 AM)AzaZPPL Wrote: Could it have something to do with this: https://github.com/bcit-ci/CodeIgniter/i...-193412960 Entirely possible. (04-20-2017, 06:49 AM)Narf Wrote:(04-20-2017, 05:33 AM)AzaZPPL Wrote:(04-20-2017, 04:58 AM)Martin7483 Wrote:I've made sure that I followed all steps. Everything with the session works except for this part.(04-20-2017, 04:40 AM)AzaZPPL Wrote: The only thing I could find is our upgrade from CodeIgniter 2 to CodeIgniter 3. Thanks for the update. I kind of now know where to search. I've missed the session config options. I've changed them and they look like so now. Code: $config['sess_driver'] = 'database'; (04-20-2017, 07:41 AM)Narf Wrote:(04-20-2017, 07:15 AM)AzaZPPL Wrote: So like this? Code: $config['sess_driver'] = 'database'; I think I might have an old config file since it still shows: Code: /* Doesn't the sess_expiration already default to 7200? (04-20-2017, 07:58 AM)AzaZPPL Wrote: So like this? Missing some non-important settings, but yes. (04-20-2017, 07:58 AM)AzaZPPL Wrote: I think I might have an old config file since it still shows: If you didn't have an old config, we wouldn't be having this conversation. (04-20-2017, 07:58 AM)AzaZPPL Wrote: Doesn't the sess_expiration already default to 7200? No. |
Welcome Guest, Not a member yet? Register Sign In |