[eluser]Cifa[/eluser]
Hi everybody,
I don't know if somebody has got the same problem but I'll share it just in case :-)
When using the Session class with encryption the Encrypt->decode method occasionally returned FALSE and the session was lost. I did some debugging:
Session->sess_read
Code:
$session = $this->CI->input->cookie($this->sess_cookie_name);
// No cookie? Goodbye cruel world!...
if ($session === FALSE)
{
log_message('debug', 'A session cookie was not found.');
return FALSE;
}
// extra debugging
log_message('debug', 'Cookie string: '.nl2br($session));
// Decrypt the cookie data
if ($this->sess_encrypt_cookie == TRUE)
{
$session = $this->CI->encrypt->decode($session, $this->encryption_key);
}
and Encrypt->decode
Code:
function decode($string, $key = '')
{
$key = $this->get_key($key);
if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string, $matches))
{
log_message('debug', "Encryption ERROR - invalid string: $string invalid matches: ".serialize($matches));
return FALSE;
}
$dec = base64_decode($string);
if ($this->_mcrypt_exists === TRUE)
{
if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
{
return FALSE;
}
}
return $this->_xor_decode($dec, $key);
}
and to my surprise got this in my log file:
DEBUG - 2010-11-19 15:01:10 --> Session Class Initialized
DEBUG - 2010-11-19 15:01:10 --> Helper loaded: string_helper
DEBUG - 2010-11-19 15:01:10 --> Encrypt Class Initialized
DEBUG - 2010-11-19 15:01:10 --> Cookie string: ownG2IhiGI4LJXr0NiZMfTir5+lL9Uo6zB4azgaICDZKbyL7xZmlcdWDQlNcCVzyrNslYvtPfEqbY3hnXR7A5yQnwzYe7R60iqbFDn+oqXs3YJlFmVk8Oj6VqkJI1XSCd9LP0GWLpFSRpQumWqMMsJA8BHoMDW08rhmB2x8/z/F+qH/iETzaEENaQCdNNkCfq/Cx3YXYi/PVoVUvJKqDdpBrw2uD90epaMPRVyygpDB5O9CQs/1IPoaUyGvePa1jbPQBcA9fV/gyxFGk27kbBhvfpe2P2a3M473mXr4omPpLBfFf1lDIwD7dH0ehP2z6xiUgNomowSF04FmkfUPqwvWjx+/R6uQCPnX4SuqfYwDSIH0LPeisC+PqgjJWU78u0ISphjF5OnBCusqdP4LEt+4wAHpKMjXODuvhC28fRbsPlUCml8zNT38bENMtT6TcS6+Tith8U0TftJ2ltWEeVvld3r3MU2iq3i3iACxXQZEHhoalGVNxua3bGI3N2KvVL3UjyWloxDkw2L79Vor47czCHTU0LYSdteJef2CkiMtNSFoRkw4ZcR7SX3hKJaRmOT3JkArcR8CCixqckSHnpqyw5RKJW6cUKhsq55jli2lEg59S3XEARu/0MRP0A6TQ<br />
DEBUG - 2010-11-19 15:01:10 --> Encryption ERROR - invalid string: ownG2IhiGI4LJXr0NiZMfTir5+lL9Uo6zB4azgaICDZKbyL7xZmlcdWDQlNcCVzyrNslYvtPfEqbY3hnXR7A5yQnwzYe7R60iqbFDn+oqXs3YJlFmVk8Oj6VqkJI1XSCd9LP0GWLpFSRpQumWqMMsJA8BHoMDW08rhmB2x8/z/F+qH/iETzaEENaQCdNNkCfq/Cx3YXYi/PVoVUvJKqDdpBrw2uD90epaMPRVyygpDB5O9CQs/1IPoaUyGvePa1jbPQBcA9fV/gyxFGk27kbBhvfpe2P2a3M473mXr4omPpLBfFf1lDIwD7dH0ehP2z6xiUgNomowSF04FmkfUPqwvWjx+/R6uQCPnX4SuqfYwDSIH0LPeisC+PqgjJWU78u0ISphjF5OnBCusqdP4LEt+4wAHpKMjXODuvhC28fRbsPlUCml8zNT38bENMtT6TcS6+Tith8U0TftJ2ltWEeVvld3r3MU2iq3i3iACxXQZEHhoalGVNxua3bGI3N2KvVL3UjyWloxDkw2L79Vor47czCHTU0LYSdteJef2CkiMtNSFoRkw4ZcR7SX3hKJaRmOT3JkArcR8CCixqckSHnpqyw5RKJW6cUKhsq55jli2lEg59S3XEARu/0MRP0A6TQ
invalid matches: a:1:{i:0;s:1:"
";}
DEBUG - 2010-11-19 15:01:10 --> Cookie error: Incorrect format
DEBUG - 2010-11-19 15:01:10 --> Session NEW Session Created
DEBUG - 2010-11-19 15:01:10 --> New Cookie Being Set: pKc1tKscRhIpM36ap0G/OtMK4DdpUmIRRK9ppjAEJQYnWOz9gBjAGubIWVC9dmofAPpa2ciCMZTH9GDJ/5YyIh9MqwRsCvIcggnPABVWlxvEw3RL5EWpNxMmFs4Ev1tz6bNNy0k0uY/FYrEt8QEWQmSob4ehrJ/25Kiq7aBLUKxmcrtWnOni8vVspPYYxu/CzqXiFJIWYheqGQwbijlwRMAQM+PNIWdkt4sg5SzauEaph90swH+xUyIqQaImLYrA4TxZ7sSbTuLYION2sLMmbs4oDIo6C+AeVHouh8ew7TGgK46lyD2+JddIh/nV9GMN5uLj+6aPCla3Bn9AhTCL4iXDLsqnP+y2T9D6Ts68vEHKBvL2GXJsVxvuIrhQmBuU0/f8qvwioK49HkGH7NfElg16JlWa85/jhKl839NlxE30BMoWZuc9dYOdHNbtriu+geSQBUsR5+iRdaESLc5k1oUMBGSNcGy3V9Xild7ak5jPNpMMCnQAWqh+nSgh3cIVYY1Cj23EUNC/TnH6ZilKd04lrjwOKiZgZUIe4y9w+YlLSbTcixNlWJhzB0/GR/aOy2BGuXjMamOSRc5Am7dObH7FdvjysgDAgBUqpDCRR+OwH7XT/qk40zorubzRp1Qu
DEBUG - 2010-11-19 15:01:10 --> Session routines successfully run
Conclusion: For an unknown reason the cookie session string has occasionally a newline character added to the end. This gets caught by the regular expression in the Encrypt class when the decode method is called and results in FALSE being returned. This consequently kills the current session and creates a new one.
Hopefully, trimming the session string should fix the problem