CodeIgniter Session Problems Thread

[eluser]Jonathan Angel[/eluser]
For those looking for a fix, I have resolved my problem:

I took a few minutes to diagnose the same problems described with CI Sessions and DX Auth.

First, I synchronized both server and client time (both where wrong). Temporarily the problem subsided; however, it mysteriously stopped storing the session. So.. I checked the database and no session or login attempt was being recorded.

Second, I began reading this and other discussions and found that by removing the underscore (_) in the CI config.php file, the problem was resolved.

Original:

Code:

$config['sess_cookie_name'] = 'ci_session';

Modification:

Code:

$config['sess_cookie_name'] = 'cisession';

I no longer have a problem with sessions in IE8 on WinXP.

For those that attempt to resolve their problem using these methods, please post your results, good or bad. By the way... uber-fan of CI.

[eluser]jedd[/eluser]
[quote author="Jonathan Angel" date="1259891112"]
First, I synchronized both server and client time (both where wrong).

...

Second, I began reading this and other discussions and found that by removing the underscore (_) in the CI config.php file, the problem was resolved.
[/quote]

Who could have guessed?

[eluser]The Wizard[/eluser]
i also encountered some session bugs which almost made me anne of my mind

i had setup sessions for 'localhost' and was using 127.0.0.1 and was wondering WHY it
didnt recognize the the cookies (my fault )

[eluser]jenovachild[/eluser]
Hi,

I've also encountered session issues using CI session library, specifically when I upload to my remote host.

Details:

1. I develop the website on my localhost, everything works well - first time using CI, I fall in love. (Big MVC fan)

2. I upload the website to my remote server, everything works great, accept I am attempting to use sessions to save some data when I get a return response from Paypal, which was an attempt on its own to get working (Paypal requires you to be able to receive $_GET variables, I've finally managed to work this out but CI really could use some better documentation / variations when you are required to receive $_GET, anyway.. separate story)

3. After setting the session then redirecting to the next page (/checkout/review) I find the session is empty, only on ONE of the THREE servers I have tested. (Although I know sessions and cookies both work using native php cookies/sessions)

4. So, here is some pseudo code logic:

Code:

// cURL request to payapl, specifying a return url, dollar amount, etc.

// I am not on paypals page, user logs in/specify's credit card, and hits submit

// cURL request returns me to the returl url, with query string variables ($_GET) pertaining to information that I need. (A special token to relate to this transaction)

// From here, I send another cURL request, using the previous information sent from paypal and the redirect to a 'review payment' page, with the returned results from paypal because I need the return info, i store it into a session by doing the following:

$this->session->set_userdata('paypal_result', $result);
        redirect('./checkout/review/');

// At this point I am on the review page, and there is nothing in the session data, although $result is full of data (print_r($result), its an array..)

// here is an overview of that entire section of my code, all within the same controller - checkout.php


// AUTH REQUEST
function auth()
    {
        // do the paypal stuff, lets initialize an auth request, with an amount (everything else is static!)
        $this->paypal->init_authorization(50);
        $result = $this->paypal->request();
        
        // check for an error
        if($this->_err_check($result["ACK"], $result))
            return;
        
        // if the result is a success, redirec to paypal
        if($result["ACK"] == "Success")
            header("Location: " . $this->paypal->get_param("PAYPAL_LOGIN") . urldecode($result["TOKEN"]));

    }


// RETURN URL

    function returnurl()
    {
    
        // initialize paypal variables for the review
        $this->paypal->init_payment_review($_GET['token'], $_GET['PayerID']);
        
        // post the request to paypal and retreive the results
        $result = $this->paypal->request();
                
        // check for an error
        if($this->_err_check($result["ACK"], $result))
            return;
        
        // set the result in flash data, because we are going to redirect to a new page to remove the ugly $_GET requests from the url.
        $this->session->set_userdata('paypal_result', $result);
        redirect('./checkout/review/');
    }



// REVIEW PAYMENT BEFORE PROCEEDING

function review()
    {
        // get the flash data for the user to review.
        $data = $this->session->userdata('paypal_result');
        
        // set the flash data again, because we will need it when we process the payment.
        $this->session->set_userdata('paypal_result', $data);
        
        echo '<pre>REVIEW<br>';
        print_r($data);
        echo '<a href="/csnq/checkout/process/">Click here to make sure that you can get the most out of life!!</a>';
        echo '</pre>';
    }

Some browser fact to note:

- It fails in IE and Firefox and Chrome

So, this all works fine on my localhost AND I've also uploaded it to one other remote server, both are working. Only the server this website needs to be hosted on refuses to let the sessions work.

The phpinfo page for the server which is NOT working, can be found at http://www.darklite.com.au/phpinfo.php


These are my session settings in config

Code:

$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;
$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']        = "/";

Any help on this would be much appreciated! Thanks!

[eluser]jenovachild[/eluser]
Ok I've resolved the issue I was having after reading a post over at http://ellislab.com/forums/viewthread/100916/

By setting my cookie_domain option to the name of my domain, it allowed me to save sessions (because CI uses cookies to save the session, and this server must require you to explicitly outline the cookie domain)

So for anyone else having troubles like this, What fixed the problem:

Code:

$config['cookie_domain'] = '';

Change to

Code:

$config['cookie_domain'] = 'darklite.com.au'; // whatever your domain name is

[eluser]Unknown[/eluser]
Thanks Jonathan Angel. Removing the '_' worked for me.

[eluser]Unknown[/eluser]
Is the general confusion here around how cookies work?

I think the op brings up some interesting points, but the e-debate seemed to get pretty heated.

Honestly, there's so many problems with cookies in general (like security), I just prefer to never rely on them

[eluser]WanWizard[/eluser]
In general: Yes. And in how that reflects on how you should configure CI and use sessions.

Now that browsers are slowly implementing much needed security features, those with sloppy configs now start complaining that their application no longer works. And guess who's fault it is?

It's like with any other piece of code you write and feature you use: understand it thoroughly before using it, use it properly, and don't make any assumptions about the environment, as it may change.

[eluser]Блум[/eluser]
I had problems with CI sessions, the server was just refusing to set any cookies. The generic PHP cookie operation was working well, but CI was unable to set any cookie, including session one.
I found that PHP core configuration option "output_buffering" in php.ini must be:

Code:

output_buffering = On

for CI to be able to set cookies.

[eluser]WanWizard[/eluser]
This is not related to CI, but to HTTP specifications.

If you don't use output buffering, cookies (or any HTTP header for that matter) have to be send before you start sending output. If not, PHP throws a notice error (headers already send).

If you had suspected CI, you didn't see the error. So make sure you have all error reporting active and display errors enabled in your development environment to spot such errors.

Back to CI:

The session library sets the session cookie every time your call sess_write(), which gets called when you update session data. This can happen anywhere in your application flow.
However, CI uses the Output class to buffer all output, compress it if needed, and send it out. Which only happens after your controller is finished and has returned control to the front controller.

So even with output buffering off this is not an issue, unless your application generates output that bypasses the output class (i.e. every echo or print statement). In a CI app, this is not-done!