Issue Tracking Sessions |
Hi,
Im using CI4 v4.2.12 and need to track changes to the session id made by CI regenerating the session ID, keeping the default refresh rate of 300 secs. When my user logs in I add/update my unique user id and the session id to a table in my database. I also use a filter to compare the current session id to the session id in the database each time a controller is called. If the two session id's do not match, I log the user out. This is done for a number of reasons -
I have implemented Session DatabaseHandler, but each time CI updates the session, it just adds a new row reflecting the new session, so even from this I cannot identify which user is using which session. Does CI provide a way to identify when a session has regenerated, which session has been regenerated and, what the regenerate value is?? I should also add, comparing the user IP address not an option for me, as a lot of my users are on the road and are constantly acquiring new IP address on their devices. Thank you in advance.
Hi Kenjis,
Many thanks for your reply and the snippet. So essentially, I cannot track a session that has been regenerated? I am also seeing I cannot logout a specific user (unless I interrogate every session for the user id), and I cannot check for multiple logins by the same user, unless their 2nd, 3rd, ... logins are from different IP's? I'm therefore assuming I would not be able to do any of the above without changing CI core? Again many thanks :-)
Yes, you need to customize the CI4 Session library.
Thanks Kenjis,
Oh dear! I really do not want to touch CI core!! Just one idea, (note I never use session id in post/get) and this is where my knowledge is lacking! If I set the $sessionTimeToUpdate equal to $sessionExpiration, this means session id will not regenerate for the lifetime of the users active session? I create a database table "active_users" that stores my users unique user id (not login username) and their session id. For every login, I check my active_user table for my users unique id:
Therefore:
Many thanks for your time.
If you want only one session for a user,
1. when a user is logged in, you save the (first) session id in a database table and the session data. 2. check the (first) session id in the session data and in the database table, and if they are not the same, make the user logout.
|
Welcome Guest, Not a member yet? Register Sign In |