Welcome Guest, Not a member yet? Register   Sign In
session expires earlier on community auth
#8

(12-23-2016, 01:56 PM)allenxiao7 Wrote:
(12-22-2016, 04:32 PM)skunkbad Wrote: Most of the session regeneration stuff is part of CodeIgniter, and has nothing to do with Community Auth. Just so you know how the session is used in Community Auth, I'll break it down for you. It might help you debug, but be aware that older versions of Community Auth had an issue with session regeneration, so make sure you're using the latest version.

1) CodeIgniter sessions are combined with Community Auth's auth_session table so that there is always a database record associated with a logged in user, regardless of whether you use file or database based sessions.

2) Because the CodeIgniter session and the auth_sessions table are working together to manage the session for the authenticated user, during session regeneration the session ID needs to be updated in the auth_sessions record. This action is part of what you see in the MY_Session library, and also the reason why the auth_sess_check hook exists. We're just always making sure that the auth_session and CI session have a matching ID.

Beyond that, there really isn't anything going on for existing sessions, but there are some Community Auth sessions related configuration that you'll find. If you look at those though, you'll find that unless you've specifically changed them, they're mostly turned off and not making any difference in the way sessions are handled. The one that would cause a problem though would be "disallow_multiple_logins". If that is set to TRUE than if you were to log in at a different computer and come back to the first computer, the session on the first computer would have been deleted. Again, this is turned off by default.

Thanks for the explanation, I agree somehow the ci_session cookie was regenerated (I found today the issue happened again, I checked the cookies, and found it re-generated today, although the old one is supposed to be expired next Jan)

I will try to upgrade my CI to 3.1.2 today first

It turned out I have session cookie name collision.
I managed several projects on the same CI. because the projects use the same ci_session cookie name, so if switching it from one to another, it forced the ci_session to be regenerated. now I added a prefix for different project, it worked well.

PS: I found the prefix was automatically prepend to httpUser cookie, but not to httpsTokens.

I changed the line in config.php
$config['cookie_prefix']        = 'abc';

my browser got abchttpUser, but still httpsTokens.

Also I found in MY_Input.php

if ( ! is_numeric($expire))
{
           $expire = time() - 86500;                   
}

why did we want to set expire to yesterday? the set_cookie method usually called without $expire, so it will take the default value of "", then this line will be executed always. i.e. $this->CI->input->set_cookie( $http_user_cookie );
Reply


Messages In This Thread
RE: session expires earlier on community auth - by allenxiao7 - 12-23-2016, 04:22 PM



Theme © iAndrew 2016 - Forum software by © MyBB