Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Quick session question
Quick session question
  • El Forum
    Guest
  •  
#1
02-18-2009, 04:26 AM

[eluser]Las3r[/eluser]
modded -> please read next posts
  • El Forum
    Guest
  •  
#2
02-18-2009, 05:41 AM

[eluser]Las3r[/eluser]
Okay, since it's my own problem, i started to trial an error a bit.

It seems that the session data DOES get assigned, if i echo the $session_user/pass from the login.php directly, it shows the correct credentials.

This means that the session is not carried over when user clicks a link to a new page (in this case a page that has teh following simple script:

Code:
<?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Userpage extends Controller {

        function index()
        {
        $this->load->helper(array('url'));
        $this->load->model('userlogin_functions');
        if ($this->userlogin_functions->verify_session() == FALSE)
        { echo 'no session found!';}
        else
        { echo 'you are verified and logged in';}
        }
        
        

}


/* End of Random user page controller */

The function is called as shown above:

Code:
function verify_session()
    {
        $session_id = $this->session->userdata('session_id');
        $session_username = $this->session->userdata('session_username');
        $session_password = $this->session->userdata('session_password');
        if (($session_username == FALSE) OR ($session_password == FALSE))
        {
        echo 'session id: '.$session_id;
        echo 'session username: '.$session_username;
        echo 'session_password: '.$session_password;
        }
        
        else
        {
        $checkcreds = 'SELECT * FROM MEMB_INFO WHERE  memb___id =? AND memb__pwd = [dbo].[fn_md5](?,?)';
        
        $db1 = $this->load->database('accounts', TRUE);

        $verifysess = $db1->query($checkcreds,array($session_username,$session_password,$session_username));
        return ($verifysess->num_rows() != 0)?TRUE:FALSE;
        }

            
    }

Is this an error I am making?
  • El Forum
    Guest
  •  
#3
02-18-2009, 06:19 AM

[eluser]Las3r[/eluser]
Some more testing pointed out that let's say I login, and it prints me the session id #1 + user + password (md5hash) for testing - this works. Then I go to another page (directly linked from the login-success page) and i echo the session_id again, however , there it's different (F5 DOES give the same (different) ID all the time), as well has no custom data the login-controller inserts during a succesful login.


What does this mean? The session ID is changing (and thus losing the username / pass). Is this because it's renewing the session? I thought that wouldn't happpen for 300 seconds...

EDIT: I changed the sess_time_to_update to 0 and the session_id continuesly changed (as expected), changed it to 7200 and it didn't change - HOWEVER this didn't change the fact that when i login and move to a 'loggedin=1'-page, it will tell me there's a DIFFERENT session_id (with the missing custom $data). In other words it SEEMS like it destroys the old session and creates a new one, but why?


I thought maybe this is because if have sessions set to auto-load, and it makes a new sessions for every page?

EDIT: Tried changing autoload.php to manual inclusion in the actual controllers - didn't make any difference..

EDIT: I tried to rule out windows OS / my local wamp setup to be the problem by uploading the code to a production server (Red hat Enterprise linux), same problem. I'm starting to think this is an error in CI...

I've worked a lot before with sessions in php (session_start(); etc), and i've never encountered anything like this before. At the moment i'm stuck and can't move on, cause i want to run DB queries based on the userID, and i can't continue developing if I don't get this working..

So please...help me out.

Erik.

p.s. I'm on a static company line (no ip changes), am using the same browser consistently (even the same tab...)
  • El Forum
    Guest
  •  
#4
02-18-2009, 10:02 AM

[eluser]Las3r[/eluser]
As a last resort i tried from another pc with multiple browsers - fact remains I can't get session data to be 'kept' , and this way I won't be able to continue my developing.

I know it's probably a config somewhere, but anyway, but a reply would be much appreciated.

Erik
  • El Forum
    Guest
  •  
#5
02-18-2009, 06:02 PM

[eluser]Relexx[/eluser]
you are using $this->session->set_userdata() to set your session variables? I can not see it in you code snippet.
  • El Forum
    Guest
  •  
#6
02-18-2009, 06:32 PM

[eluser]Las3r[/eluser]
Yea,

I removed some code here, my bad.

Code:
if ($this->userlogin_functions->check_user($username,$password) == FALSE)
                {
                // Wrong user + pass combination was found - fuck you message
                echo 'wrong user / pass';
                  redirect('/login', 'location', 301);
                }
                
                else
                
                {
                // Successfull login - time for sessions!
                echo 'logged in';
                $md5pass = $this->userlogin_functions->get_fn_md5_pass($username);
                
                $sessioninfo = array(
                   'session_username'  => $username,
                   'session_password'  => $md5pass
                                    );

                $this->session->set_userdata($sessioninfo);
                $session_id = $this->session->userdata('session_id');
                $session_username = $this->session->userdata('session_username');
                        $session_password = $this->session->userdata('session_password');
                echo '<br />session_id: '.$session_id.'<br /> username in session: '.$session_username.'.<br />password: '.$session_password;
                echo 'link: <a href="/userpage">click</a>';
                }

Altho the session gets set correct, the echo's of the session_id,username,password show the right data, however when i move to 1 different page within the application (my_account for example) and echo these 3 session-info's again, the username and passwords have been 'unset' and the session_id is sometng completely different.

When i stay on that page and F5 like 5 times, the session id DOES stay the same (this is the same with the login success screen -> info STAYS the same).
  • El Forum
    Guest
  •  
#7
02-18-2009, 07:24 PM

[eluser]Relexx[/eluser]
Not that I have this problem (yet)

Quote:Sessions will typically run globally with each page load

So it appears you may be a little stuck.

if you are using a DB, you could send the current session_id to the page you are about to load, and part of the page load transfer all all session data from the old session to the new session. That would involve a fair bit of coding I think.
  • El Forum
    Guest
  •  
#8
02-18-2009, 07:32 PM

[eluser]Las3r[/eluser]
I can understand , however the bigger problem here is (mostly my main concern as well), how can it be that sessions in files, BY DEFAULT SETUP, don't work properly? I see that as a serious malfunction, and i've spent countless hours of error and trial to rule out my webserver, my pc, my browser, my everything, so i did all I could, i hope to get an official statement on this Smile

Erik.




Theme © iAndrew 2016 - Forum software by © MyBB