Welcome Guest, Not a member yet? Register   Sign In
Session logout problems
#11

[eluser]che_anj[/eluser]
here's my login

Code:
function process_login()
    {
        $username = $this->input->post('username');    
        $password = $this->input->post('password');
        
        $this->load->model('Auth', '', TRUE);
        $data['query'] = $this->Auth->CheckAuth();
        if ($data['query']->num_rows() > 0)
            {
                $row = $data['query']->row();
                $data=array(
                            'username'=> $row->username,                        
                            'logged_in'=> TRUE    );
                $data['acl']=$row->acl;
                $this->session->set_userdata($data);
                redirect('main/index');
                
                                
            }                            

        else
        {
            $this->session->set_flashdata('message', '<div id="message">It seems your username or password is incorrect, please try again.</div>');
            redirect('login/index');
        }
    }

config.php for session settings
Code:
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']         = 300;

Thanks in Advance
#12

[eluser]Michael Wales[/eluser]
Well, we'd have to see what Auth->CheckAuth() is returning.

2 ways to attack this:
1) The easiest, load up Firebug and watch the sessions tab. Login, then logout and watch for the change in session state.
2) Login, edit your process_login() method to add a print_r($data['query']) statement, logout and you should go back to the process_login(). If it does, in fact, log you back in you will be able to see what was returned in $data['query'] and debug from there.
#13

[eluser]Dam1an[/eluser]
[quote author="Michael Wales" date="1242413652"]
1) The easiest, load up Firebug and watch the sessions tab. Login, then logout and watch for the change in session state.[/quote]

What? Since when did Firebug get a session tab, I installed the latest version last week and don't have that
Also, as the sessions in CI are encrypted cookies, would it still work?
#14

[eluser]che_anj[/eluser]
Auth->CheckAuth() returns the value of username from the database record
#15

[eluser]Michael Wales[/eluser]
Quote:What? Since when did Firebug get a session tab, I installed the latest version last week and don’t have that
Also, as the sessions in CI are encrypted cookies, would it still work?

Sorry, I meant the Cookies tab. Encrypted cookies are an option that he has turned off (and of course, you would turn off if you needed to debug something like this). Personally, I leave encryption off until I go production - since it's just a flick of a boolean, nothing else needs to change in your code.
#16

[eluser]Dam1an[/eluser]
I didn't even realise I could turn off cookie encryption... never needed to either (yet)
I prefer to use the profiler extension I mentioned in post #5 which shows me all my session data along with the profiler
#17

[eluser]Stu Green[/eluser]
Cheers guys i'll try the profiler
#18

[eluser]chandrajatnika[/eluser]
I have the same problems... this is my config..
Code:
$config['sess_cookie_name']    = 'ci_session';
$config['sess_expiration']    = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']    = 'login_sessions';
$config['sess_match_ip']    = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 1800;

What in the profiler that I should see????
#19

[eluser]Dan Allen[/eluser]
Hi. We have the same problem. Users are logged out randomly. It is not timeout and it is not repeatable by going back to where the logout happened and repeating the operations that preceded the logout. The problem appears random.

The problem started when we implemented database-based CI_Sessions. Prior to that, the random logging out was not happening.

Using the tips above to work through the problem. Will post results.

In the meantime, I wanted to bump this thread, to let others know they are not alone, and in case more information might be available now.

I don't see any actual solutions yet. I was hoping there would be a known solution to this relatively common but terrible problem.

As always, any comments, questions, suggestions, concerns, etc. will be extremely much appreciated.

Best regards,
Dan
#20

[eluser]Dan Allen[/eluser]
We solved by working with session configuration variables in two places. No code changes were needed.

Spotting the configuration problem was complicated by my my misunderstanding of how variables in the application/libraries do not necessarily (maybe never) override variables in the application/config. I am still not 100% understanding, but I think we fixed with the settings below.

We traced the problem inside the application/libraries/Session/sess_update()

Code:
if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
        {
            log_message('debug', "Session update NO");
            return;
        }
        log_message('debug', "Session update YES");
        ...
The CI log (and ci_session table) showed the session update was not happening, leading to expiration of the session.

The action of deleting the session records from the DB may have been caused by a combination of too much time on $sess_time_to_update leading to deletion of the record by the garbage collection function. The apparent random occurrence of the logging out would be explained by the random function controlling the frequency of when the garbage collection function is executed.

The specific settings we run for the moment are below. I am sure the $sess_time_to_update could be increased significantly while $sess_expiration could be decreased. We had ours mixed up, so these settings are ultra liberal on not logging people out or nailing them with inadvertent garbage collection.

SETTINGS THAT APPEAR TO WORK

Code:
//application/libraries/Session.php
//---------------------------------
    var $sess_expiration            = 10800;
    var $sess_time_to_update        = 30;
    var $gc_probability             = 5;  // causes garbage collection to run 5% of the time,
                                          // at random intervals


//application/config/config.php
//----------------------------
    var $sess_expiration      = 10800;
    var $sess_time_to_update      = 30;
    var $gc_probability              = 5;



SETTINGS THAT DID NOT WORK

Code:
//application/libraries/Session.php
//---------------------------------
    var $sess_expiration            = 7200;
    var $sess_time_to_update        = 300;
    var $gc_probability             = 5;


//application/config/config.php
//----------------------------
    var $sess_expiration     = 0;
    var $sess_time_to_update     = 1500;
Hope this helps someone down the line.

In the meantime, CI rocks. What else can I say?

Best regards,
Dan






Theme © iAndrew 2016 - Forum software by © MyBB