Session/Cookie management with Codeigniter 4
#1

(This post was last modified: 08-13-2023, 02:56 PM by alvin_araujo.)

I have set up CodeIgniter 4 for an e-commerce platform where users can search for products and add them to their carts. This cart selection is saved to the session. To proceed to checkout, users need to log in, and I've implemented Google Single Sign-On (SSO) for this purpose. Upon successful login, users are redirected back to the same URL they were on when they initiated the login process.

However, I'm encountering an issue: after I am redirected back to my website via the Google SSO login, a new session is being created with a new session ID, causing all the items that users previously added to their carts to be lost.

Could you please provide guidance on how to address this problem and ensure that the user's cart data remains intact even after the Google SSO login redirection?

The embedded image below is of the new session being created, along with the Set-Cookie response header.


[Image: codeigniter-screenshot.png]
Reply
#2

(This post was last modified: 08-13-2023, 10:47 PM by InsiteFX.)

Don't use sessions for storing cart information; use a secure cookie.
This way the user can leave and come back and still have their cart
items saved.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(08-13-2023, 10:46 PM)InsiteFX Wrote: Don't use sessions for storing cart information; use a secure cookie.
This way the user can leave and come back and still have their cart
items saved.

Thanks for the revert @InsiteFX. I did think about doing this, but the core requirement of the client is that we will not be saving any information on the user's machine unless very much necessary, and they insist on using server sessions for all such data.

If you could just let me know why such a session ID reset happens, it would be of great help. I just tried the same SSO login flow in core PHP and it worked fine without resetting the session ID, but with CodeIgniter the session resets. I am guessing it has got to do with some configuration options; I am currently using the default CodeIgniter 4 config option values.

Just to mention it again: I am getting a POST request from the SSO callback URL and that resets the session ID; otherwise everything works like a charm, with the session ID being maintained across the app pages.
Reply
#4

What is Google Single Sign-On (SSO)?
Reply
#5

(08-13-2023, 11:07 PM)alvin_araujo Wrote: Just to mention it again: I am getting a POST request from the SSO callback URL and that resets the session ID; otherwise everything works like a charm, with the session ID being maintained across the app pages.

A cross-site request with an unsafe method like POST does not send the session cookie.
It is for security reasons. Search for "SameSite Cookie".
Reply
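
The SameSite behaviour named in the last reply, as an added example that is not part of the thread or of CodeIgniter's code: a simplified JavaScript model of the browser's decision to attach a session cookie, applied to the SSO callback described above. The field names (`crossSite`, `topLevelNavigation`) and the sample requests are constructed for illustration.

```javascript
// Added example: simplified model of a browser's SameSite decision.
// Field names and the sample requests are constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Decide whether the browser attaches `cookie` to `request`.
function cookieIsSent(cookie, request) {
  const sameSite = cookie.sameSite.toLowerCase();
  // SameSite=None is only accepted together with the Secure attribute.
  if (sameSite === "none" && !cookie.secure) return false;
  // Secure cookies never travel over plain HTTP.
  if (cookie.secure && request.scheme !== "https") return false;
  // Same-site requests carry the cookie whatever the attribute says.
  if (!request.crossSite) return true;
  switch (sameSite) {
    case "none": return true;
    case "lax":
      // Cross-site: only top-level navigations with a safe method.
      return request.topLevelNavigation && SAFE_METHODS.has(request.method);
    case "strict": return false;
    default:
      throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// What the application sees: no cookie means a fresh session ID.
function sessionOutcome(cookie, request) {
  return cookieIsSent(cookie, request) ? "session resumed" : "new session created";
}

// Constructed requests hitting the shop's SSO callback and an in-app form.
const REQUESTS = {
  ssoCallbackPost: { method: "POST", crossSite: true, topLevelNavigation: true, scheme: "https" },
  ssoCallbackGet: { method: "GET", crossSite: true, topLevelNavigation: true, scheme: "https" },
  inAppPost: { method: "POST", crossSite: false, topLevelNavigation: true, scheme: "https" },
};

// Build a SameSite-by-request matrix of outcomes.
function outcomeMatrix() {
  const matrix = {};
  for (const sameSite of ["Strict", "Lax", "None"]) {
    matrix[sameSite] = {};
    for (const [name, request] of Object.entries(REQUESTS)) {
      matrix[sameSite][name] = sessionOutcome({ sameSite, secure: true }, request);
    }
  }
  return matrix;
}

console.table(outcomeMatrix());
```

In CodeIgniter 4 the attribute is set by `$samesite` in `app/Config/Cookie.php`. Choosing `None` requires `Secure` and removes the browser's cross-site protection for the session cookie, so CSRF tokens must then cover every state-changing route.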



