Allow AJAX calls to refresh the session?
#1

[eluser]jonez[/eluser]
Hi, from what I can tell, AJAX calls do not keep sessions alive. Is there any way to force all or certain AJAX calls to keep a session alive? I'm using database sessions. Thanks!
#2

[eluser]Alucemet[/eluser]
The AJAX request will need to both send and receive the CSRF token value. Your form includes the hidden CSRF token, so just get its value when you send, and put it in the params. When the request is received at the server, you will need to make sure you have the current token value, then send it back with the response. When the response is received at the client, update the token value in the form with the value sent in the response. It's that easy.
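
The token round-trip described in the post above, as an added example that is not part of the original thread. The in-memory server, the field name `csrf_test_name`, the token values and the assumption that the server issues a new token on every accepted POST are all constructed for illustration.

```javascript
// Assumed field name; use whatever token name your application is configured with.
const TOKEN_FIELD = 'csrf_test_name';

// Constructed stand-in for a server that rotates the CSRF token on every
// accepted POST and rejects a request carrying a stale token.
// Token values are placeholders; a real server generates them with a CSPRNG.
function makeServer() {
  let counter = 0;
  const nextToken = () => 'constructed-token-' + (++counter);
  let current = nextToken();
  let total = 0;
  return {
    initialToken: () => current, // value rendered into the hidden form field
    handle(params) {
      if (params[TOKEN_FIELD] !== current) {
        return { status: 403, body: null }; // stale or missing token
      }
      current = nextToken(); // rotate after a successful check
      total += 1;
      return { status: 200, body: { total: total, csrf: current } };
    },
  };
}

// Client side: `field` plays the role of the hidden <input> in the form.
function keepAlive(server, field, updateFromResponse) {
  const res = server.handle({ [TOKEN_FIELD]: field.value }); // send current token
  if (res.status === 200 && updateFromResponse) {
    field.value = res.body.csrf; // write the returned token back into the form
  }
  return res.status;
}

// Runs n keep-alive calls against a fresh server and returns each status.
function runPings(n, updateFromResponse) {
  const server = makeServer();
  const field = { value: server.initialToken() };
  const statuses = [];
  for (let i = 0; i < n; i++) {
    statuses.push(keepAlive(server, field, updateFromResponse));
  }
  return statuses;
}

console.log('token updated from response:', runPings(3, true));
console.log('token never updated:        ', runPings(3, false));
```

This models only the CSRF token exchange; it says nothing about session expiry or the session driver.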
#3

[eluser]jonez[/eluser]
I added a form to the bottom of the page with only the csrf field/value in it. Once a minute I use jQuery to send the form and fields to the server, and I send back a JSON object with two keys, total and csrf ($this->security->get_csrf_hash()). sess_expiration is set to 120. The first AJAX call succeeds and returns the same csrf and a total (say 3). The second AJAX call returns a 302 and redirects to the login page since the session has expired.

Is that what you meant? It doesn't seem to work. I'm trying to make the timer keep a session alive since all my calls are done through AJAX and not page links.
#4

[eluser]jonez[/eluser]
Found a fix! In CI3-dev if you change the session driver from cookie to native the problem disappears.
#5

[eluser]CroNiX[/eluser]
You could probably just increase the sess_time_to_update value to like an hour (I believe the default is only 5 minutes) and then each session will last an hour from the last request and this would probably be unnecessary.
#6

[eluser]jonez[/eluser]
[quote author="CroNiX" date="1382562432"]you could probably just increase the sess_time_to_update value to like an hour (I believe the default is only 5 minutes) and then each session will last an hour from the last request and this would probably be unnecessary.[/quote]
There are easier solutions but they create other security concerns.



