Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Session Class - Wiered Behavior
Session Class - Wiered Behavior
  • El Forum
    Guest
  •  
#1
07-15-2009, 04:19 AM

[eluser]Twisted1919[/eluser]
Hi , i am getting some wiered behavior from the session library .
I am storing the session data into database and , my config looks like this :
Code:
$config['sess_cookie_name']    = 'session';
$config['sess_expiration']    = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']    = 'sessions';
$config['sess_match_ip']    = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 3600;

Right now in my sessions tables i have :
Code:
SELECT *
FROM `sessions`
LIMIT 0 , 30
//Result :
Showing rows 0 - 29 (3,690 total, Query took 0.0004 sec)

My problem is that , it logs me out after 10 minutes of inactivity , sometime less than 10 minutes even if the time is set higher than 10 minutes ...

Why that ?
  • El Forum
    Guest
  •  
#2
07-15-2009, 05:17 AM

[eluser]Maglok[/eluser]
Mabye a little more information, like how do you set the session/login?
  • El Forum
    Guest
  •  
#3
07-15-2009, 06:58 AM

[eluser]Twisted1919[/eluser]
Thats's simple . is the classic case :

Code:
if($this->database->login($username,$password) == TRUE)
{
$session_data = array('logged_in'=>TRUE , 'username'=>$username);
$this->session->set_userdata($session_data);
header('location:/user_panel.php');
die();
}
else
{
//Show some error
}
Where database is a model and login is a method that checks if the username and the password do match into database .
Is this the data you are asking for ?
  • El Forum
    Guest
  •  
#4
07-15-2009, 07:19 AM

[eluser]Maglok[/eluser]
Do you store a lot more in those cookies? I notice you have marked encrypt_cookies. I am pretty sure encrypting takes a lot more space then normal values, and that the max is 4KB. You might somehow be going over that.

As for the time. It always logs you out at the same time? It is reproducable?
  • El Forum
    Guest
  •  
#5
07-15-2009, 12:45 PM

[eluser]Twisted1919[/eluser]
Ok i know that the cookie can hold just 4 kb of data but is the same thing even if i store the session into database ?
because i think i store more than 4 kb into my cookies and i tought that using database i can bypass this limitation ...
I was wrong , wasn't i ?
  • El Forum
    Guest
  •  
#6
07-16-2009, 10:15 AM

[eluser]Twisted1919[/eluser]
can somebody answer to my question please ...?
  • El Forum
    Guest
  •  
#7
07-17-2009, 12:50 AM

[eluser]Maglok[/eluser]
People do sleep. Smile

Quote:While the session data array stored in the user's cookie contains a Session ID, unless you store session data in a database there is no way to validate it. For some applications that require little or no security, session ID validation may not be needed, but if your application requires security, validation is mandatory.

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

Well, I am unsure. What you could do is just check the cookie when it is set using webdeveloper toolbar or in IE8 the IE8-F12 thingy.
  • El Forum
    Guest
  •  
#8
07-17-2009, 03:59 AM

[eluser]Twisted1919[/eluser]
I've just tested that and anyway the session data is far away of those 4 kb of data .
I've set the sesstion class NOT to encrypt the cookie , hope no errors after that .

Ah , and a cookie stored by ci looks like :
Code:
a:4:{s:10:"session_id";s:32:"51630dff10c0244a6d99fa4c1337ff1f";s:10:"ip_address";s:10:"86.34.8.xx";s:10:"user_agent";s:50:"Mozilla/5.0+(Windows;+U;+Windows+NT+6.0;+en-US;+rv";s:13:"last_activity";s:10:"1247817163";}5b5fe31174d6cafdd62d07b273b6aeec

There is no presence of additional data that i set with $this->session->set_userdata() so i believe it needs only the session id and it searches into db for corresponding data . If this is true , than it doesn't matter how big is the data that i set with $this->session->set_userdata() because it stays into database and then the pre-logout thing is due some other fact ...

Anyway i might be wrong ...
  • El Forum
    Guest
  •  
#9
08-10-2009, 07:56 PM

[eluser]topherdan1[/eluser]
I am having a similar problem in my application. The bug is really hard to reliably reproduce, but at unpredictable intervals that application will just log a user out. Any insight into this would be awesome.
  • El Forum
    Guest
  •  
#10
08-11-2009, 12:07 AM

[eluser]Kepler[/eluser]
Is it possible you are crossing domains without realizing it?

For example http://127.0.0.1/ brings you to the same place as http://localhost/ but they have different cookies.

Just a thought. And no, I don't sleep. ;-)




Theme © iAndrew 2016 - Forum software by © MyBB