Session Failures
#11

[eluser]Derek Jones[/eluser]
That looks sound, newsun, thank you for sharing. I assume that this is just left in by accident on line 388?

Code:
#$this->sess_write($cookie_data);
#12

[eluser]newsun[/eluser]
Ah yeah, left in by accident from my initial attempt to fix.
#13

[eluser]Derek Jones[/eluser]
Committed a solution quite similar to your proposition, newsun, thank you. The primary issue was only in sess_update() where the full userdata was allowed to be sent to the cookie, but the other changes you suggested I agree make for better understanding of what's going on.
#14

[eluser]theshiftexchange[/eluser]
I'm bumping this thread - because I am having this EXACT issue on my website - so either the code was never committed to 1.7.2 or it doesn't solve the problem.

I'll use the information here and see what I can come up with.
#15

[eluser]WanWizard[/eluser]
Ajax site? If so, search for "sess_update IS_AJAX". Losing sessions when using Ajax calls is a common problem, and has been discussed lots of times.

The issue described here might have had the same symptoms, but this bug is no longer present.
#16

[eluser]theshiftexchange[/eluser]
[quote author="WanWizard" date="1289007357"]Ajax site? If so, search for "sess_update IS_AJAX". Losing sessions when using Ajax calls is a common problem, and has been discussed lots of times.

The issue described here might have had the same symptoms, but this bug is no longer present.[/quote]

I am not using AJAX anywhere in my site.

So the issue remains - any other ideas? I have the EXACT symptoms described above?
#17

[eluser]WanWizard[/eluser]
If you suspect it's a session update issue, set the config value 'sess_time_to_update' to a very large number (e.g. 86400, a day).
Does it still happen? If so, it's not related to session ID rotation.

And you are using at least CI 1.7.2, are you?
#18

[eluser]theshiftexchange[/eluser]
I've done some research. The bug is described here:

http://ellislab.com/forums/viewthread/172415/
http://ellislab.com/forums/viewthread/170123/
http://ellislab.com/forums/viewthread/169738/
http://ellislab.com/forums/viewthread/147812/

It's also described here: http://ellislab.com/forums/viewthread/149102/ - and WanWizard, you posted a possible solution - so I'll implement that and see what happens.

edit: yes - version 1.7.2
#19

[eluser]WanWizard[/eluser]
If you're not using ajax calls, are you routing asset calls through CI?

The session ID rotation issue can happen if one page request causes multiple requests to index.php (for example ajax calls, but also if you route asset loading through CI, or you have an error that causes multiple requests), and on one of these requests the session ID gets rotated. If this happens, the session cookie that the browser received in the response to the page request no longer has a valid session ID, which manifests itself as a loss of session.

Enable your CI logs (log_threshold = 4), and check if one page request results in multiple calls to index.php. If so, find the reason and fix it. If it can't be fixed, the quickest way is to disable session updates, and call sess_update() manually whenever the security level in your application changes (i.e. login/logout).
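
Added example (not part of the original post, and not CodeIgniter's own code): a simplified Python model of the race described in the post above, assuming session IDs are validated against a server-side store. `SessionStore`, `page_load` and `demo` are hypothetical names, the login data and the 300-second interval are constructed, and 86400 is the workaround value suggested earlier in the thread.

```python
# Simplified model of session ID rotation; an illustration, not CodeIgniter code.
# Assumption: the server only accepts session IDs present in its own store.
import secrets

class SessionStore:
    def __init__(self, time_to_update):
        self.time_to_update = time_to_update
        self.sessions = {}  # session_id -> {"last_activity", "userdata"}

    def create(self, now, userdata=None):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"last_activity": now, "userdata": dict(userdata or {})}
        return sid

    def handle_request(self, cookie_sid, now):
        """Return (session ID sent back to the browser, userdata the request saw)."""
        sess = self.sessions.get(cookie_sid)
        if sess is None:
            # Unknown ID: the request is treated as a brand-new, empty session.
            return self.create(now), {}
        if now - sess["last_activity"] >= self.time_to_update:
            # Rotation: the old ID becomes invalid as soon as this request runs.
            del self.sessions[cookie_sid]
            return self.create(now, sess["userdata"]), sess["userdata"]
        return cookie_sid, sess["userdata"]

def page_load(store, cookie_sid, now, requests):
    """One page view causing several requests, all sent with the same cookie
    because they leave the browser before any response arrives."""
    results = [store.handle_request(cookie_sid, now) for _ in range(requests)]
    final_cookie = results[-1][0]  # the browser keeps the last cookie it receives
    return final_cookie, [seen for _, seen in results]

def demo(time_to_update, requests):
    store = SessionStore(time_to_update)
    sid = store.create(now=0, userdata={"user_id": 42})  # constructed login state
    final_cookie, seen = page_load(store, sid, now=400, requests=requests)
    return store.sessions[final_cookie]["userdata"], seen

if __name__ == "__main__":
    print(demo(300, 1))    # single request: rotation is harmless
    print(demo(300, 2))    # second request arrives with the rotated-away ID
    print(demo(86400, 2))  # no rotation in the window, session survives
```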
#20

[eluser]theshiftexchange[/eluser]
[quote author="WanWizard" date="1289054071"]If you're not using ajax calls, are you routing asset calls through CI?

The session ID rotation issue can happen if one page request causes multiple requests to index.php (for example ajax calls, but also if you route asset loading through CI, or you have an error that causes multiple requests), and on one of these requests the session ID gets rotated. If this happens, the session cookie that the browser received in the response to the page request no longer has a valid session ID, which manifests itself as a loss of session.

Enable your CI logs (log_threshold = 4), and check if one page request results in multiple calls to index.php. If so, find the reason and fix it. If it can't be fixed, the quickest way is to disable session updates, and call sess_update() manually whenever the security level in your application changes (i.e. login/logout).[/quote]

OK thanks - I'll check that out.

I appreciate the help



