Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Cookies Leaving A Bitter After Taste
#1

[eluser]TheFuzzy0ne[/eluser]
I'm having a slight problem with cookies. It's nothing too serious, but it is strange nonetheless.

I'm using encrypted cookies on my development server. They've worked fine since I installed CodeIgniter and configured it. I decided to not to bother encrypting my cookies for my development server, as I don't think it's really necessary, but here's the thing -- They don't seem to work correctly without. The standard session data is stored in the cookie, but as soon as I make another request to the server, the cookie remains intact, but none of my data is added.

The data I'm adding is simply an ID, which I'm adding with the key name "id". I've tried clearing my cookies, and I just can't login. Re-enabling encryption again makes everything work again.

I'm going to keep my cookies encrypted for now. It's not a serious problem, it's just very strange that they don't seem to work as expected without encryption. Has anyone else experienced a similar problem?

The only change I've made that could have anything to do with it, is this:

Code:
<?php
/**
* This class extends the core Encrypt class, and allows you
* to use encrypted strings in your URLs.
*/
class MY_Encrypt extends CI_Encrypt
{
    /**
     * Encodes a string.
     *
     * @param string $string The string to encrypt.
     * @param string $key[optional] The key to encrypt with.
     * @param bool $url_safe[optional] Specifies whether or not the
     *                returned string should be url-safe.
     * @return string
     */
    function encode($string, $key="", $url_safe=FALSE)
    {
        $ret = parent::encode($string, $key);
        
        if ($url_safe)
        {
            $ret = strtr(
                    $ret,
                    array(
                        '+' => '.',
                        '=' => '-',
                        '/' => '~'
                    )
                );
        }
        
        return $ret;
    }
    
    /**
     * Decodes the given string.
     *
     * @access public
     * @param string $string The encrypted string to decrypt.
     * @param string $key[optional] The key to use for decryption.
     * @return string
     */
    function decode($string, $key="")
    {
        $string = strtr(
                $string,
                array(
                    '.' => '+',
                    '-' => '=',
                    '~' => '/'
                )
            );
            
        return parent::decode($string, $key);
    }
}

// End of file: MY_Encrypt.php
// Location: ./system/application/helpers/MY_Encrypt.php

But this isn't used when encryption is disabled, which is when I am getting the problems.
#2

[eluser]Cro_Crx[/eluser]
Hey TheFuzzy0ne

Might be possible that your cookies aren't being delete, maybe? Obviously if you turn off encryption and the cookies are still encrypted from before it's not going to work. If you have another browser, try using it (as it'll have diff cookies stored). I'm assuming your setting them to be encrypted in the config.php and not doing them manually?

You can print out all of the session variables for debugging by using:

Code:
print_r($this->session->userdata);
#3

[eluser]TheFuzzy0ne[/eluser]
That's exactly what I thought, so I cleared my cookies, and alas, the problem was still present.

User data prints out correctly after being set, but it's lost as soon as I make a new request, although the CI session related data is still there.

Code:
Array
(
    [session_id] => a44b5e728bfb7e437c8ad594024a0cfa
    [ip_address] => 192.168.1.72
    [user_agent] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Ap
    [last_activity] => 1242914999
)

One thing I've noticed, though. The session ID changes on each request.

Here's some info from my config.php:

Code:
/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean).  Whether to encrypt the cookie
| 'session_expiration'  = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
| 'time_to_update'        = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name']       = 'ci_session';
$config['sess_expiration']        = 0;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']      = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']          = FALSE;
$config['sess_match_useragent']   = TRUE;
$config['sess_time_to_update']    = 300;

Please don't forget, this isn't important. Using encryption is not a problem for me in the slightest, I just thought it was a strange issue.
#4

[eluser]Dam1an[/eluser]
If the session ID changes on each request does that not mean its recreating a new sessions, instead of maintaining the CI session data?

Out of curiosity, is this with autoloading the session class, or initiating it manually?
#5

[eluser]TheFuzzy0ne[/eluser]
The session class is loaded automatically.
#6

[eluser]Cro_Crx[/eluser]
Can you create a new codeigniter install and write 2-3 lines in the default controller to set a variable, then turn encryption on, turn it off and see if it does the same?

I'd be interested to see if it behaves the same or if the problem is specific to your application's code.

Or maybe just try and change the name of your cookies from 'ci_session' to something else to test!
#7

[eluser]tinman[/eluser]
Maybe this would help: http://ellislab.com/forums/viewthread/102561/
#8

[eluser]TheFuzzy0ne[/eluser]
[quote author="Cro_Crx" date="1242949928"]Can you create a new codeigniter install and write 2-3 lines in the default controller to set a variable, then turn encryption on, turn it off and see if it does the same?

I'd be interested to see if it behaves the same or if the problem is specific to your application's code.[/quote]

Looks like it is something to do with my code, as it works fine on a fresh app. I don't know where though. I'll have to try and look into this when I have more time.

[quote author="tinman" date="1242978292"]Maybe this would help: http://ellislab.com/forums/viewthread/102561/[/quote]

Unfortunately, that seems to have nothing to do with the issue.
#9

[eluser]easymind[/eluser]
It could be that you use a flash uploader or something. In that case internet explorer and maybe others use a different user agent. So set match user agent to false in your condig.php (at the session settings). Maybe it will help.




Theme © iAndrew 2016 - Forum software by © MyBB