Welcome Guest, Not a member yet? Register   Sign In
Session info doesn't get passed on within CI
#1

[eluser]Las3r[/eluser]
Hi there,

I posted a message in the wrong boards earlier, so here I am in the bugs forum after spending hours and hours of error-and-trial without any results whatsoever. I've created a small cms before (manual php code) and have a lot of experience with sessions, so this is my last hope in finding an answer.

My problem is rather simple:

I autoload the session library in the autoload.php, meaning it should work throughout every piece of code I am writing. Simply said; I have a login form that's being validated. After that I'm writing the username,password in a session, as following:

Code:
if ($this->userlogin_functions->check_user($username,$password) == FALSE)
                {
                // Wrong user + pass combination was found - relog message
                echo 'wrong user / pass';
                  redirect('/login', 'location', 301);
                }
                
                else
                
                {
                // Successfull login - time for sessions!
                echo 'logged in';
                $md5pass = $this->userlogin_functions->get_fn_md5_pass($username);
                
                $sessioninfo = array(
                   'session_username'  => $username,
                   'session_password'  => $md5pass
                                    );

                $this->session->set_userdata($sessioninfo);
                        $session_id = $this->session->userdata('session_id');
                        $session_username = $this->session->userdata('session_username');
                        $session_password = $this->session->userdata('session_password');
                echo '<br />session_id: '.$session_id.'<br /> username in session: '.$session_username.'.<br />password: '.$session_password;
                echo '<br />link: <a href="/userpage">click</a>';
                }

After this piece of code it succesfully shows me the session ID , username i logged in with, and the password md5ized with our own native SQL 2005 .dll.

<b>So far, so good.</b>

Then the userpage - the 'members' page, that should only be viewable by a logged in user:

Code:
&lt;?php
if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Userpage extends Controller {
        
        function Userpage()
        {
              parent::Controller();
        }
        
        function index()
        {
        
        
        $this->load->helper(array('url'));
        $this->load->model('userlogin_functions');
        if ($this->userlogin_functions->verify_session() == FALSE)
        { echo 'no session found!';}
        else
        { echo 'you are verified and logged in';}
        }
        
}

It calls the <b>verify_session function</b>, as below:

Code:
function verify_session()
    {
        $session_id = $this->session->userdata('session_id');
        $session_username = $this->session->userdata('session_username');
        $session_password = $this->session->userdata('session_password');
        if (($session_username == FALSE) OR ($session_password == FALSE))
        {
        echo 'session id: '.$session_id;
        echo 'session username: '.$session_username;
        echo 'session_password: '.$session_password;
        }
        
        else
        {
        $checkcreds = 'SELECT * FROM MEMB_INFO WHERE  memb___id =? AND memb__pwd = [dbo].[fn_md5](?,?)';
        
        $db1 = $this->load->database('accounts', TRUE);

        $verifysess= $db1->query($checkcreds,array($session_username,$session_password,$session_username));
        return ($verifysess->num_rows() != 0)?TRUE:FALSE;
        }

            
    }

The funny thing is that if i go to this page (userpage.php linked from the "loginsuccess-page"), it gives me "no session found!". I added some debug-echo's in order to print the session_id, username and password to screen, <b>however the session_id is DIFFERENT than what it was on the login page</b>.

There is no longer any user information (username,password) stored, as this is a whole new session (or so it seems), and I'm being pushed into googling and wiki-ing for a solution. I've seen a lot of posts for database-sessions, but i'm not using this, and this is not my concern as well.

I have error-n-trialed:
- Hosting on my home dev box (Windows 7 x64 - latest WAMP)
- Hosting on my production server (red hat enterprise linux - latest apache stable)
- Changing session loading. Tried both autoload and manual load in all controllers
- 4 different browsers on 2 different pcs
- setting 'sess_time_to_update' to 0 (indeed renews sessions every second) and to 7200 (same effect as 300 (default)).

I'm using latest CI (clean copy), without any modifications or any custom stuff whatsoever - i just got started.

The settings for the sessions can be found below:

Code:
$config['sess_cookie_name']        = 'iat_web_sess';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 72000;

In my view, the session data should live on for the amount of time specified, and just carry the info with it as long as it takes (unless you use flashdata), and this does NOT happen with CI, not in my site , anyway.

I coded a custom piece of php (non-CI , no framework used) that basically uses the same login script, but in lengthy php, using the same queries, the same session vars, and everything, and it worked as it should, so i have no other thing to say than that this is either a bug, or a severe misconception from my point of view.

Any help or clearing up would be appreciated.

Thank you.
#2

[eluser]Tom Schlick[/eluser]
ive never had this problem but i use the database to store the sessions... you should try that
#3

[eluser]Las3r[/eluser]
Correct, I could, however in it's basic form it should perfectly work, should it not?

I mean I don't like being 'forced' to use alternative means Smile

I prefer the session work to be done on myproduction webserver, as my MS SQL instance is burning continuesly, and writing loads of session info directly into DB is pointless, cause i got a well (overkill-)webserver waiting to be punished Smile

Erik.
#4

[eluser]Tom Schlick[/eluser]
[quote author="Las3r" date="1235008061"]Correct, I could, however in it's basic form it should perfectly work, should it not?

I mean I don't like being 'forced' to use alternative means Smile

I prefer the session work to be done on myproduction webserver, as my MS SQL instance is burning continuesly, and writing loads of session info directly into DB is pointless, cause i got a well (overkill-)webserver waiting to be punished Smile

Erik.[/quote]

oh i agree totally. are you running on IIS with php installed? maybe this is a glitch with that.
#5

[eluser]Las3r[/eluser]
Nope, it's windows 7 - apache + php (WAMP package) and I tried this on my production server too (red hat enterprise linux + apache + php (latest stable), BOTH the same problem, which makes me 100% sure that this is not serverside, rather a problem in the programmature.

I really appreciate the efforts though Smile
#6

[eluser]Las3r[/eluser]
So is there anyone that could help me get this fixed, or at least confirmed, a dev perhaps?

I really don't want to be stopped by something this basic and I won't setup database sessions as described earlier.

Thank you..
#7

[eluser]mrmeyers99[/eluser]
Is your problem browser-specific? I'm having the same problem in IE, but not firefox/chrome.
#8

[eluser]Las3r[/eluser]
I found out the cause of my problem.

Since my userpassword is in 0x0123456789ABCDEF binary code, this some how fucked up the session daat, and It works now with simply calling session_start(); in the end of the autoload.php file Smile

Erik.




Theme © iAndrew 2016 - Forum software by © MyBB