Session Match IP False No Working |
Hello. We are using CI3 and using a MySQL database for our sessions. We have "$config['sess_match_ip'] = false;" set in our config.php file, and have confirmed this config variable value via the "$this->config->item('sess_match_ip')" check. The database table to store sessions only has the "id" as a primary key (so "ip_address" is not factored into the session key). With this, our site still acts as if it's considering IP address when checking for a valid session, as users that have a rotating IP address get our "session timeout" screen after they have logged in and click through pages. We have confirmed this with several different users that see their IP addresses change when they check. We've added logging to the framework's Session.php and Session_database_driver.php files that reference the "sess_match_ip" or "match_ip" parameters, but none seem to be firing when they should not be. Anything else we can check or debug to figure this out? Thanks.
Are you on a CloudFare server?
What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
I just looked the source code and it says this about the Match IP.
PHP Code: /** What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
PHP Code: 'sess_match_ip' What did you Try? What did you Get? What did you Expect?
Joined CodeIgniter Community 2009. ( Skype: insitfx )
(01-25-2023, 01:33 PM)kft101 Wrote: @InsiteFX The "$sessionMatchIP" variable is a CI4 config variable. We are using CI3, but are setting the version correct "sess_match_ip" config variable appropriately to false, per the original post. application/config/config.php PHP Code: /*
@InsiteFX @superior
Thanks for the responses. But per the original post, we already have the "sess_match_ip" config variable set to false, the ci_sessions database table created and indexed ONLY on the id. Our website and sessions are working fine for almost all users, except for the ones that have a rotating/dynamic IP address. Our current configuration SHOULD prevent the checking of IP address against the sessions, yet these users are still seeing the session expired message when they click through the pages, which indicate that CI3 is still checking the IP address when retrieving sessions. We are not using a reverse proxy. Anything else we can check? Thank you.
What is our "session timeout" screen?
Can you show it? |
Welcome Guest, Not a member yet? Register Sign In |