Session creates new session id on every page load

[eluser]benharrison[/eluser]
Thanks for the suggestion, but I have already checked those. Here are the settings I'm using:

$config['sess_expiration'] = 7200;
$config['sess_time_to_update'] = 300;

I love CodeIgniter, but I think I'm just starting to lose confidence in the session library. It seems like others are having the same problem with no real reliable solution:

http://stackoverflow.com/questions/24491...fter-login

I would love to find an answer and continue using the session class, but at this point I'm just not sure what could be causing this to happen. I've been spinning my wheels, so I'm open to all suggestions.

[eluser]Prophet[/eluser]
Are your sessions using the database?

[eluser]benharrison[/eluser]
Yes I am using the database. Here is a copy of my settings:

Code:

$config['sess_cookie_name']        = 'cart_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'cart_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

By using the database I could tell that I was getting a new session on each page load. For instance, upon visiting the page I would start a new session. Then logging in would create another new session (with correct information). After a successful login I would redirect the user back to the home page, and this creates a 3rd blank session. All of this is visible in my database table. Which sounds like the exact same problem as the author of this post:

[quote author="jaystang" date="1279413167"]...I can see where the issue is a little easier. On every page load of the site I can see a new record w/ a different 'session_id' is created in the database...[/quote]

[eluser]WanWizard[/eluser]
Switch from 'localhost' to a proper domain name.

The latest RFC re cookies state that the hostname must contain at least one dot, and in some cases even two (to rule out hostnames like .com). If you read the RFC, you come to the conclusion that 'localhost' is an illegal hostname.

Just add a dummy hostname to your local host file ( c:\windows\system32\drivers\etc\hosts on windows, /etc/hosts on linux), for example 'mysite.laptop.local', and assign it the IP address 127.0.0.1. If your local webserver uses named hosts, don't forget to modify the config.

[eluser]benharrison[/eluser]
WanWizard thanks for the suggestion but I have already been doing so. I had already been running my development environment through a dummy hostname. Then after seeing your suggestion above I also tried other variants of the dummy hostname, ie:

http://mytestsite
http://mytestsite.com
http://www.mytestsite.com
http://my.test.site
http://mytestsite.local

Nothing works. This stumps me, because it seemed to be the solution for the original author of this post.

[eluser]WanWizard[/eluser]
Can you show us your cookie_ config variables?

Have you checked, after a page load, if the browser indeed received a session cookie?

For firefox, use the web developer toolbox to het easy access to all kinds of info, including cookies. Use firebug to check the request and response headers to see if you do receive a cookie, and if the browser sends it back at the next request.

[eluser]benharrison[/eluser]

Code:

$config['sess_cookie_name']        = 'cart_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'cart_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

I have checked for cookies in Firefox, and I have also checked the database records.

I have not checked the request and response headers yet though.

I have tested with multiple browsers (Firefox, Chrome, IE8), and on my hosting provider's servers. This happens in all scenarios.

[eluser]WanWizard[/eluser]
I'm intrested in the config values that start with 'cookie_', they should be in the same file.

There are only a few possible scenario's:
- the server doesn't send the cookie
- the browser doesn't accept the cookie
- the parameters of the cookie are wrong so the cookie is discarded
- the browser doesn't send the cookie back
- the script doesn't receive the cookie

You have to check every step to find the issue at hand...

[eluser]benharrison[/eluser]
I am currently using the code you recommended in your initial response to this thread:

Code:

if(isset($_SERVER['HTTP_HOST']))
{
    $config['base_url'] = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
    $config['base_url'] .= '://'. $_SERVER['HTTP_HOST'];
    $config['base_url'] .= isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' ? ( ':'.$_SERVER['SERVER_PORT'] ) : '';
    $config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
else
{
    $config['base_url'] = 'http://localhost/';
}

Code:

$base_url_parts = parse_url($config['base_url']);
$config['cookie_prefix']    = "";
$config['cookie_domain']    = $base_url_parts['host'];
$config['cookie_path']        = $base_url_parts['path'];
unset($base_url_parts);

[eluser]WanWizard[/eluser]
Ok, then we can assume that the cookie is created correctly.

Unless your HTTP_HOST is not set for some reason (which webserver are you using), in which case base_url defaults to localhost and the cookie will fail to work. Does base_url() return the expected URL?

If this is ok, time to get the debugging tools out and test the steps I've mentioned earlier. Somewhere in there must you be able to find the culprit...