Session logout problems

[eluser]Stu Green[/eluser]
Hiya,

Having problems with the session cookies. I'm getting logged out when just browsing around my sites when logged in. Sometimes (quite rightly) it times out after inactivity. But other times it just logs me out randomly.

This is for a CMS so it needs to allow page inactivity for 20 mins or so (in case they are writing a long page), but then it automatically updates the page every 30 seconds anyway, so there is always activity, but I want the session to stay logged in for 20 minutes before expiring.

I need the optimum, secure configuration for the session cookies - what do people recommend?

current set up is the following:

Code:

$config['sess_cookie_name']        = 'my_session';
$config['sess_expiration']        = 1800;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 600;

Please advise.

[eluser]Dam1an[/eluser]
Are you storing a lot of session data when you get logged out? Remember there is a 4K limit, and they encrypted, so you have a lot less then you think

Do you lose the entire userdata or just the logged_in flag?

[eluser]Thorpe Obazee[/eluser]
[quote author="Dam1an" date="1242271336"]Are you storing a lot of session data when you get logged out? Remember there is a 4K limit, and they encrypted, so you have a lot less then you think

Do you lose the entire userdata or just the logged_in flag?[/quote]

If it is like what Dam1an says, then you could probably use database sessions.

[eluser]Stu Green[/eluser]
Hey not sure what I'm losing to be honest, I'll have to try and find that out.

Storing is not a problem as the row is only about 1kb.

I am using DB sessions already.

[eluser]Thorpe Obazee[/eluser]
Ha. Yeah, didn't see that. That happens when you don't actually read everything in the first post

Could it be a browser problem?

[eluser]Dam1an[/eluser]
[quote author="haloweb" date="1242282711"]Hey not sure what I'm losing to be honest, I'll have to try and find that out.[/quote]

To view you're session data, stick the attatched profiuler in your libs directory and enable the profiler

Code:

$this->output->enable_profiler(true);

This makes it so much easier to keep track of what session data you have set when
(I can't take credit for creating this, but I can;t remember who did)

[eluser]Thorpe Obazee[/eluser]
Hmm... nice on Dam1an. This extension is quite helpful.

[eluser]Stu Green[/eluser]
Hey all thanks.

Please can someone just post the optimum settings for a secure, but quite lengthy session login.

It's for a CMS so it has to be secure but not keep logging me out every 5 minutes of inactivity. Also there are lots of AJAX calls that happen.

Thanks

[eluser]che_anj[/eluser]
hi I'm also having trouble with my logout. It does not totally destroy the session coz I did try to paste the url and it seems I can get into without entering my username and password
here's my code

Code:

function logout()
    {
       $this->session->sess_destroy();      
        redirect('login/index');
    }

any ideas thanks

[eluser]Michael Wales[/eluser]
What's your login code look like? Settings in config.php for sessions and cookies?