CI 1.7: session database lose user_data after update
#1

[eluser]Giraf[/eluser]
Hi guys.

I'm a first time CI user and love it, so maybe I'm missing something here!?

I've made a simple AUTH system that checks stuff in the session's user_data, but every time the sess_time_to_update kicks in and updates the database session, the user is logged out.

It appears it inserts a new row with a new session_ID in the ci_sessions table, but shouldn't it just update the original/old session id entry? Because then it would still have the user_data in it!?

Take care
#2

[eluser]Pascal Kriete[/eluser]
You can't rely on the session id to identify your users. It changes periodically to protect against session fixation. Instead you should set your own session variable that identifies the user and check for that.
Code:
// At login
$this->session->set_userdata('user_id', $user_id);

// Logged in?
if ( ! $this->session->userdata('user_id'))
{
    die('not logged in');
}

Hope that helps, otherwise we'll need to see some code.

Welcome to CodeIgniter.
#3

[eluser]Giraf[/eluser]
Thanks. Maybe I wasn't clear about it, I'll try again.

First, what you suggest is what I've done and it will bug.

The userdata disappears after sess_time_to_update. Is that normal behaviour?

It's easy to check looking at the database entries, the userdata is not transferred to the new session id, and because of that you will be logged out. Is that how it should work?
I don't know how else to make it.
#4

[eluser]Pascal Kriete[/eluser]
Ok, I just turned my sess_time_to_update down to 10 seconds and there is no transferring of anything. The session_id and last_activity are updated on the existing row as you would expect looking at the code.

Clearly something is up. What version of CI are you using? Do you have a reduced version of your code that I can use to try and recreate this?
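
The behaviour described in the two replies above (the session ID rotates to counter session fixation, and the rotation is an update of the existing row, so user_data survives), as an added example that is not part of the original posts and is not CodeIgniter's own code. It assumes PHP 7.1+ with pdo_sqlite, a simplified ci_sessions table, and hypothetical helper names:

```php
<?php
// Added illustration, not CodeIgniter's code. Assumes PHP 7.1+ with pdo_sqlite.
// Table columns are simplified; the helper function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ci_sessions (
    session_id TEXT PRIMARY KEY, last_activity INTEGER, user_data TEXT)');

function create_session(PDO $db, array $data, int $now): string {
    $id = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO ci_sessions VALUES (?, ?, ?)')
       ->execute([$id, $now, json_encode($data)]);
    return $id;
}

// Rotation as an UPDATE of the existing row: new ID, same user_data.
function rotate_in_place(PDO $db, string $old_id, int $now): ?string {
    $id = bin2hex(random_bytes(16));
    $st = $db->prepare('UPDATE ci_sessions
        SET session_id = ?, last_activity = ? WHERE session_id = ?');
    $st->execute([$id, $now, $old_id]);
    return $st->rowCount() === 1 ? $id : null;   // null: unknown or stale ID
}

function load_userdata(PDO $db, string $id): ?array {
    $st = $db->prepare('SELECT user_data FROM ci_sessions WHERE session_id = ?');
    $st->execute([$id]);
    $raw = $st->fetchColumn();
    return $raw === false ? null : json_decode($raw, true);
}

// The login check keys on user_data, never on the session ID itself.
function is_logged_in(PDO $db, string $id): bool {
    $data = load_userdata($db, $id);
    return $data !== null && isset($data['user_id']);
}

$t0  = 1000;                                   // constructed timestamp
$old = create_session($db, ['user_id' => 42], $t0);
$new = rotate_in_place($db, $old, $t0 + 300);  // sess_time_to_update elapsed

var_dump(is_logged_in($db, $new));   // rotated ID still carries user_id
var_dump(is_logged_in($db, $old));   // pre-rotation ID no longer matches a row

// Failure mode from the thread: rotation done as a fresh INSERT.
$orphan = create_session($db, [], $t0 + 300);
var_dump(is_logged_in($db, $orphan)); // new row has empty user_data
```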
#5

[eluser]Giraf[/eluser]
I just installed CI 1.6.3 together with some language help (MY_language.php) and then upgraded with 1.7, and followed the easy upgrade instructions.

I took a screengrab of the database entries; here you can see it inserts a new entry instead of doing an update.

There's no hocus pocus in my code, it's very simple I guess, but you can take a look at this function that runs in a hook.

Code:
function authrun()
    {
        // LOG OUT
        if($this->uri->segment(1)=="logout")
        {
            if($this->session)
                $this->session->sess_destroy();
                
            redirect('login', 'location');
        }
                
        // LOG IN
        if($this->input->post('loginposted'))
        {
            // Query bindings: CI escapes the values, so posted input cannot alter the SQL
            $query = $this->db->query("
                SELECT * FROM users
                    WHERE email = ?
                    AND password = sha1(?)
                LIMIT 1",
                array($this->input->post('email'), $this->input->post('password')));

            $row = $query->row_array();
            
            if ($query->num_rows() > 0)
            {
                $this->session->set_userdata('loggedin', 'hmmn');
                redirect("", 'location');
            } else {
                $this->session->set_flashdata('error', true);
                redirect('login', 'location');
            }
        }
        // CHECK LOG IN
        else if($this->session->userdata('loggedin')!="hmmn")
        {
            if($this->uri->segment(1)!="login" && $this->uri->segment(2)!="login")
                redirect('login', 'location');
        }
    }
#6

[eluser]Pascal Kriete[/eluser]
Hmm... I'm assuming it's a post_controller_constructor hook. I can't see anything out of the ordinary (surprised? probably not). That's actually a pretty nice piece of code. I'll try to recreate.
#7

[eluser]Pascal Kriete[/eluser]
Hmm, very odd. I had to modify your hook a bit since hooks don't natively subclass the CI super object, but I still cannot reproduce.
#8

[eluser]Giraf[/eluser]
Thanks for looking at it.

I think it must have something to do with upgrading 1.6.3 to 1.7, I can't imagine how my code should cause the database to do an insert instead of update on the session table!?
#9

[eluser]Giraf[/eluser]
It's just odd when upgrading was so easy, but I'll try with a clean install and see what happens.
#10

[eluser]Giraf[/eluser]
I fixed it somehow. I don't think hooks in combination with session handling is very intuitive.
I'm not really sure exactly what fixed it, but here's some clues to what I did:

In the HOOK file I had to put get_instance() under parent::Controller(), and put it over in controller files.
And apparently I had to strictly use get_instance() everywhere; if I mixed them, like using $this->session->userdata('item') in controller files and $this->CI->session->userdata('item') in the hook, it probably created two database entries... I don't think I really get it.



