Login, Session, redirection, failure...
#1

[eluser]Uto[/eluser]
Hi,

I have a site made with CodeIgniter which has a public and a private zone. Once I determine the login is correct (in login.php controller) I set a session var (user id) and then I redirect to another controller using the "header" function.

All the private controllers are of the class MY_Controller, that expands Controller, and on creation they check for that session var, and if it does not exist, they redirect to the public page.

Well, this works... on some computers, and fails on others. Apparently the redirection always works, but sometimes the session values are missing. After checking on 4 machines I have these results:

1) Windows: works on Firefox. Fails on Explorer, Opera, Chrome and Safari.
2) Windows: works on Firefox, Explorer, Opera and Safari. Chrome hangs up on that PC so I cannot check it.
3) Linux: works on Firefox.
4) Windows: works on Explorer, fails on Firefox.
5) iPhone: works on Safari.

Obviously the question is: how come it works on some PCs and it does not on others?

Notes:
- The server is Windows/IIS.
- The whole site is under https protocol, login page included.

These are fragments of code and config files:

php.ini
Code:
session.save_path="XXXXX"   ;<-- here goes a correct path with writing permissions

[Session]

session.save_handler = files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 86400
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor     = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0

config.php on CI
Code:
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

controller login.php code for successful login
Code:
$this->load->library('session');
$this->session->set_userdata('PERSON_ID', $userid);
$url = $siteURL . "/privatehome";
header("Location: $url");
exit; // end the request so nothing else runs after the redirect

Extended Controller
Code:
class MY_Controller extends Controller {
  
    var $personid;

    function MY_Controller()
    {
        parent::Controller();
        
      
        $this->load->library('session');
        $this->personid = $this->session->userdata('PERSON_ID');

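        // Stop here after redirecting; header() alone does not end the request,
        // so the private controller would otherwise still run for this visitor.
        if (($this->personid == FALSE) || ($this->personid == "")) {
            header('Location: ' . SITE_URL . "/login/expired");
            exit;
        }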
    }

  
}
#2

[eluser]LuckyFella73[/eluser]
Did you check the cookie setting while testing on the 4 PCs?
Sounds strange that your application runs on Windows PC 4)
and not on PC 1) using the same browser. But you never know ..

Did you set the cookie_domain ?
Code:
$config['cookie_domain']    = ".your-domain.com";
#3

[eluser]Uto[/eluser]
Yes, I've been thinking about the cookie settings but... are Safari/Chrome/Opera/Explorer all having cookies disabled? All of them but Explorer I have just installed a few minutes ago, they have "factory settings".

I haven't set the cookie domain, I'm going to do it now, maybe that's the problem, I hope so :)
#4

[eluser]Uto[/eluser]
Nah, I've set cookie domain:

Code:
$config['cookie_prefix']    = "";
$config['cookie_domain']    = ".mydomain.com";
$config['cookie_path']        = "/";

And I've even tried using a prefix, as this site is a side-site whose subdomain is not "www"

Code:
$config['cookie_prefix']    = "support";
$config['cookie_domain']    = ".mydomain.com";
$config['cookie_path']        = "/";


But it doesn't work on the same browsers I've checked before.

By the way, on Chrome and Opera I can even see a list of cookies, and the cookie is there, but the session var is missing.

Also, I've found in Chrome and Opera that cookies are allowed. I cannot find where that is set on Explorer.
#5

[eluser]LuckyFella73[/eluser]
Did you define your base path this way?
Code:
$config['base_url']    = "https://www.your_domain.com";

I just ask because in another thread the problem was
switching between http and https.

What you could try to do is storing the session vars in your database.
Just see what happens ..
#6

[eluser]Uto[/eluser]
[quote author="LuckyFella73" date="1240521309"]Did you define your base path this way?
Code:
$config['base_url']    = "https://www.your_domain.com";

I just ask because in another thread the problem was
switching between http and https.
[/quote]
Yes, it has the https thing

Quote:What you could try to do is storing the session vars in your database.
Just see what happens ..

Ehmm... I don't think I get this...
#7

[eluser]the_nix[/eluser]
I had the exact same problem. 60 users, only affects one (in all browsers). When setting session variables, they store without error and are visible in a vardump. The minute you go to a new page, the session variables I set before are gone.

The weirdest part is, it was working fine for him up until earlier today.

I have tried all the combinations of TRUE/FALSE for the various config settings including setting them all to false.
Code:
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;
#8

[eluser]helmutbjorg[/eluser]
Remove the underscore from the sess_cookie_name

Code:
$config['sess_cookie_name']        = 'cisession';
#9

[eluser]the_nix[/eluser]
For some users turning off the firewall and Norton fixes it but not for all. I've confirmed by remoting into my users' machines that they don't have any security software active and it's still dropping session.
#10

[eluser]Thorpe Obazee[/eluser]
Are the server time and local time in sync?
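
Added example, not part of any post in this thread: a small PHP check that judges one Set-Cookie header the way a browser would, covering the cookie domain, HTTPS and clock-sync questions raised above. The function name audit_set_cookie, the hostnames and the sample header are assumptions constructed for illustration.

```php
<?php
// Added example: audit one Set-Cookie header against the client's view of the world.
// Function name, hostnames, dates and cookie value are constructed for illustration.

function audit_set_cookie(string $header, string $requestHost, bool $https, int $clientNow): array
{
    $parts = array_map('trim', explode(';', preg_replace('/^Set-Cookie:\s*/i', '', $header)));
    [$name] = explode('=', array_shift($parts), 2);
    $attrs = [];
    foreach ($parts as $p) {
        if ($p === '') continue;
        $kv = explode('=', $p, 2);
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    $findings = [];

    // Expires is an absolute date judged against the client's clock, not the server's.
    // Max-Age is relative and takes precedence when present.
    if (isset($attrs['expires']) && is_string($attrs['expires']) && !isset($attrs['max-age'])) {
        $exp = strtotime($attrs['expires']);
        if ($exp !== false && $exp <= $clientNow) {
            $findings[] = "$name: already expired by this client's clock, cookie is discarded";
        }
    }
    // Domain must equal the request host or be a parent of it, or the browser rejects the cookie.
    if (isset($attrs['domain']) && is_string($attrs['domain'])) {
        $domain = strtolower(ltrim($attrs['domain'], '.'));
        $host   = strtolower($requestHost);
        if ($host !== $domain && substr($host, -strlen(".$domain")) !== ".$domain") {
            $findings[] = "$name: Domain=$domain does not match host $host, cookie is rejected";
        }
    }
    // On an all-HTTPS site the session cookie should not be sent over plain HTTP
    // or be readable from page script.
    if ($https && !isset($attrs['secure'])) $findings[] = "$name: missing Secure";
    if (!isset($attrs['httponly']))         $findings[] = "$name: missing HttpOnly";
    return $findings;
}

// Constructed sample: server clock at 21:00 GMT plus a 7200 s lifetime gives Expires = 23:00 GMT.
$header = 'Set-Cookie: ci_session=CONSTRUCTED_VALUE; expires=Thu, 23 Apr 2009 23:00:00 GMT; '
        . 'path=/; domain=.example.com';
$skewedClient = strtotime('2009-04-24 00:00:00 GMT'); // client clock running 3 hours ahead
foreach (audit_set_cookie($header, 'support.example.com', true, $skewedClient) as $finding) {
    echo $finding, PHP_EOL;
}
```

Feeding it the Set-Cookie line captured from the login response, together with the affected machine's own clock reading, separates a clock or domain problem from a server-side session problem.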



