Sessions Randomly Expire (CI 1.7.3) |
[eluser]blasto333[/eluser]
Is there a bug in CI where sessions randomly expire? It seems to happen occasionally and is really annoying. Is this fixed in version 2.0.1?
[eluser]WanWizard[/eluser]
There is an issue with the sessions library (in all version) which could cause sessions to disappear. This happens when you have: - a relatively short session id rotation time (default = 300 seconds, which is short) - use ajax calls or concurrent browser access - have concurrent requests with various processing times In this case, it can happen that one request decides to rotate the session id, but before the updated cookie is received, a second request starts. This will also try to rotate the session id (since it started with the same original cookie), which fails (because the old session no longer exist), and creates a new session as a result. This can not be solved without a major rewrite of the session library, and even then it's very difficult. Workaround: extend or disable the session rotation time (less secure) or search the forums for a session.php I've posted with a coded workaround for this issue.
[eluser]blasto333[/eluser]
If I set $config['sess_time_to_update'] = 0; Will that solve the problem? (I know it is not secure)
[eluser]blasto333[/eluser]
That didn't seem to do it as the session id regenerates each time..so that would probably have the same issue. What about the native php session library? I need a solution that works that I can use within CI. This seems like a bug to me.
[eluser]blasto333[/eluser]
What about doing this: Code: $config['sess_time_to_update'] = PHP_INT_MAX;
[eluser]WanWizard[/eluser]
Native sessions are not secure at all, so I advise not to use it. As I wrote: Workaround: extend or disable the session rotation time (less secure) or search the forums for a session.php I’ve posted with a coded workaround for this issue.
[eluser]toopay[/eluser]
i've once had trouble with session library, and the problems is my server's host. It will work if only i set Code: $config['sess_expiration'] = 0;
[eluser]InsiteFX[/eluser]
Code: $config['sess_expiration'] = 0; InsiteFX
[eluser]toopay[/eluser]
@InsiteFX : not hours, but years! This what happen in Session Library Code: ... @blasto333, workaround with Code: setcookie("TestCookie", "Cookie succesfully created", time()+7200); |
Welcome Guest, Not a member yet? Register Sign In |