• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Display Above Root Image with a controller on CI3-RC2

#1
Hi

Some time ago I have found on the elislab forum a code ( image controller ) to display images from outside of the site public directory.
The idea is to keep private images and private files far from public access and unauthorized access. The code can be modify to be use with files too.

I have made some minor modifications on it and it works perfectly so far on CI3-Developer Version and CI3-RC2.

But it have found an unexpected behavior with the image controller and CI3-RC2 Session_files_driver.

What unexpected behavior?

If I access a page on CI3-RC2 the Session_files_driver create 1 session file per-user/per-page request. Thats OK! no problem.

But if I access the same page using the image controller with 12 images on it the CI3-RC2 Session_files_driver will produce about 13 session files almost instantly per-user/per-page request.

That will be a lot of trash on the session folder on a busy site.

So... is that a normal behavior for the Session_files_driver?

Or... It is an image controller overhead of some kind?

Am I missing something?

I appreciated suggestions to improve the image controller to avoid the excess of session files on the system.

Below are the settings and the image controller;

// folder structure

Code:
htdocs
 -codeigniter
      -application
      -assets
      -sessions
      -system
      -index.php
      -.htaccess

 -uploads
      -member_1
            -image_name.jpg
       -member_2
       -member_3
 

// application/config/config.php

Code:
$config['sess_save_path'] = '/opt/lamp/htdocs/codeigniter/sessions/';
$config['upload_url'] = '/opt/lamp/htdocs/codeigniter/uploads/';
$config['no_image_url'] = 'http://localhost/codeigniter/assets/images/no_image.gif';

*the $config['upload_url'] must be set right or no images will be display.

// application/config/routes.php

Code:
$route['image/view/(:any)/(:any)'] = 'files/image/view/$1/$2';

// calling the image

Code:
<a href="<?php echo base_url(); ?>image/view/member_1/image_name.jpg"  alt="">

// application/controllers/files/Image.php

Code:
/**
* Images controller.
*
*/
defined('BASEPATH') OR exit('No direct script access allowed');

class Image extends CI_Controller {

public function __construct()
{

parent::__construct();

$this->CI =& get_instance();

/*
* ------------------------------------------------------
*  Load helper and libraries files.
* ------------------------------------------------------
*/
$this->load->helper('file');
$this->load->helper('url');

log_message('info', 'Image Class Initialized');
}

/*
* ------------------------------------------------------
*  Get file.
* ------------------------------------------------------
*/
public function view()
{

$folder = $this->uri->segment(3);
$folder = str_replace('-', '_', $folder);
$folder = str_replace(' ', '', $folder);
$folder = trim(preg_replace( "/[^A-Za-z0-9\_\.]/i", "", $folder));

  $file = $this->uri->segment(4);
$file = str_replace('-', '_', $file);
$file = str_replace(' ', '', $file);
$file = trim(preg_replace( "/[^A-Za-z0-9\_\.]/i", "", $file));

$path = $this->config->item('upload_url').$folder.'/'.$file;
$no_image = $this->config->item('no_image_url');

if (file_exists($path))
{

$mimetype = get_mime_by_extension($path); // will need file_helper loaded

header("Content-Type: ".$mimetype);
header('Content-length: '.filesize($path));
readfile($path);

} else {

$mimetype = get_mime_by_extension($no_image); // will need file_helper loaded

header("Content-Type: ".$mimetype);
header('Content-length: '.filesize($no_image));
readfile($no_image);

}

}

}

I forgot to mention that this behavior does't happens with the previous CI3 Developer Version while using the Session_native driver but it does on CI3-RC2 using the Session_files_driver.

Thank You!
Reply

#2
A friend of mine told me that whenever the image controller calls a new image the session regenerate again. No matter if it's the same page. If the same page has 12 images then that page generates 1 session for the page and 12 sessions for the images almost simultaneously. Curiously this did not happen in CI3 using the Session_native driver so it must be something with the CI3-RC2 session improvements.

Some thoughts about this please?
Reply

#3
Remove this from the class constructor:

   $this->CI =& get_instance();
Reply

#4
(02-09-2015, 03:27 PM)Narf Wrote: Remove this from the class constructor:

   $this->CI =& get_instance();

I'm curious to know if that fix worked for you. No difference here. I even remove the whole localhost installation and re install a new and updated one but no difference. (Apache/2.4.10 (Unix), OpenSSL/1.0.1j, PHP/5.6.3, mod_perl/2.0.8-dev, Perl/v5.16.3, mysqlnd 5.0.11-dev, MySQL Server version: 5.6.21 - Source distribution, Ubuntu 14.01)
Reply

#5
No, I haven't tried it ... I told you to remove it because it's wrong regardless of the problem that you're having - get_instance() gets an instance of your controller, and you're calling it from that same controller's constructor, which in turn is the place where a lot of stuff is loaded, so it made sense that it could break something.

My only guess left is that your browser simply doesn't send a cookie to your image URLs, thinking that they're static images, which causes the session handler to force-create a new session.
Reply

#6
(02-10-2015, 02:14 AM)Narf Wrote: I told you to remove it because it's wrong regardless of the problem that you're having - get_instance() gets an instance of your controller, and you're calling it from that same controller's constructor, which in turn is the place where a lot of stuff is loaded, so it made sense that it could break something.

Thank you for let me kow that.

However I don't believe this is a browser issue. I try with three different browsers and there is no difference. As I mentioned before this not happens with CI3 previews version using the Session_native.php driver. It seems to be something on CI3-RC2 session improvements. Or a PHP bug inadvertently exposed.
Reply

#7
(02-10-2015, 09:38 AM)Mel9pr Wrote:
(02-10-2015, 02:14 AM)Narf Wrote: I told you to remove it because it's wrong regardless of the problem that you're having - get_instance() gets an instance of your controller, and you're calling it from that same controller's constructor, which in turn is the place where a lot of stuff is loaded, so it made sense that it could break something.

Thank you for let me kow that.

However I don't believe this is a browser issue. I try with three different browsers and there is no difference. As I mentioned before this not happens with CI3 previews version using the Session_native.php driver. It seems to be something on CI3-RC2 session improvements. Or a PHP bug inadvertently exposed.

I'm not saying it's a browser issue, I'm saying that's how a browser probably behaves. Smile

Previous CI3-dev versions didn't enforce strict mode sessions, so that might explain it ... Either way, look at the request headers.
Reply

#8
(02-10-2015, 09:42 AM)Narf Wrote:
(02-10-2015, 09:38 AM)Mel9pr Wrote:
(02-10-2015, 02:14 AM)Narf Wrote: I told you to remove it because it's wrong regardless of the problem that you're having - get_instance() gets an instance of your controller, and you're calling it from that same controller's constructor, which in turn is the place where a lot of stuff is loaded, so it made sense that it could break something.

Thank you for let me kow that.

However I don't believe this is a browser issue. I try with three different browsers and there is no difference. As I mentioned before this not happens with CI3 previews version using the Session_native.php driver. It seems to be something on CI3-RC2 session improvements. Or a PHP bug inadvertently exposed.

I'm not saying it's a browser issue, I'm saying that's how a browser probably behaves. Smile

Previous CI3-dev versions didn't enforce strict mode sessions, so that might explain it ... Either way, look at the request headers.

http://localhost/codeIgniter-3.0.2/gallery

GET /codeIgniter-3.0.2/gallery HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/codeIgniter-3.0.2/gallery
Connection: keep-alive

HTTP/1.1 200 OK
Date: Tue, 10 Feb 2015 18:01:21 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1j PHP/5.6.3 mod_perl/2.0.8-dev Perl/v5.16.3
X-Powered-By: Codeigniter 3.0
Set-Cookie: ci_session=d2d2928f325c62dcce7ec9298907c38aef7f80f0; path=/; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Tue, 10 Feb 2015 17:01:21 GMT
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

I try setting the ini_set('session.use_strict_mode', 1); to 0 but nothing changes,
I change the Cache-Control to public but nothing changes,
I remove the Pragma: no-cache but nothing changes,

Man this thing is a hard one!

Any way... if the session folder is overwhelm with too much session files....
Do I need to worry about server performance or session security issues?
Do you think this behavior will cause some security concerns?
Reply

#9
Yep ... just like I thought, browsers just don't send a cookie, "thinking" that static files are being requested.

Performance issues? No.
Security issues? Considering that it's an empty session - not a critical issue, but it's a concern.

I'd reconsider at least the URL naming scheme in your case, it's at the root of the problem you're having. That is, of course, unless there's something wrong with your session/cookie settings (check cookie domain name and path).
Reply

#10
Also, FYI: 3.0rc2 != 3.0.2 Smile
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.