IE browser not terminating session even after logging out? |
[eluser]novice32[/eluser]
I have CI application with multiple login accounts. Whenever I login as USER1, and logout, and then log in as USER2, my USER1 session appears instead. However it works correctly if after logging out as USER1 I close the browser and relogin as USER2. Is this expected behavior with IE 8 (and in compatibility mode)? As expected, Firefox and Chrome work as expected. I store user session information in the database. Please advise Novice32
[eluser]ThijssjihT[/eluser]
overwrite data in the session: set username etc to '' when hitting the logout button. After that: $this->session->sess_destroy(); If you can't destroy the session, it isn't a solution, but it should be a temporary 'avoid-the-problem'.
[eluser]novice32[/eluser]
I believe I am performing what you suggested: Code: function Logout() { Please let me know if you have any other suggestions.
[eluser]WanWizard[/eluser]
Are you using cookies or the database backend for your sessions?
[eluser]WanWizard[/eluser]
In that case a sess_destroy() removes the session record from the database, so that particular session can't be reloaded. Can you do a var_dump($this->session->userdata) somewhere after loading the session library, and see what happens with the session_id and the other session variables when you login as USER1, logout, and login as USER2?
[eluser]novice32[/eluser]
I'm totally baffled. I tried vardump, which shows inconsistency in user2's session. I'm not sure what next to try. Here are the detailed steps: Access user/login page: ci_session table: '4e9c74ee3d328be6592514a983a56851', '0.0.0.0', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;', '1274041069', '' After successful login (user1): ci_session table: '4e9c74ee3d328be6592514a983a56851', '0.0.0.0', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;', '1274041069', 'a:1:{s:8:"UserName";s:16:"[email protected]";}' var_dump($this->session->userdata): { ["session_id"]=> string(32) "4e9c74ee3d328be6592514a983a56851" ["ip_address"]=> string(7) "0.0.0.0" ["user_agent"]=> string(50) "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;" ["last_activity"]=> string(10) "1274041069" ["UserName"]=> string(16) "[email protected]" } USER1 LOGOUT (which returns to user/login page): ci_session table => empty After successful login (user2): ci_session table: 'f6602c15b2d391315800f948fbaf2116', '0.0.0.0', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;', '1274041383', 'a:1:{s:8:"UserName";s:19:"[email protected]";}' var_dump($this->session->userdata): { ["session_id"]=> string(32) "4e9c74ee3d328be6592514a983a56851" ["ip_address"]=> string(7) "0.0.0.0" ["user_agent"]=> string(50) "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;" ["last_activity"]=> string(10) "1274041069" ["UserName"]=> string(16) "[email protected]" }
[eluser]1mr3yn[/eluser]
http://ellislab.com/codeigniter/user-gui...sions.html
[eluser]WanWizard[/eluser]
Care to elaborate how a link to the manual is helping here? @novice32: You are doing a redirect are you? Because the session library contains an inconsistency, it reads the session record once, when you load the session. If in a single page request you destroy the session and create a new one, userdata will still contain the old values. Same for destroy, you would expect the userdata to be gone after a destroy, but it isn't.
[eluser]novice32[/eluser]
WanWizard, thanks for helping me on this. I'm new to CI, so hopefully I'm not missing something totally. At the time of logout, I don't create another "database session" record (with UserName value) unless the user logs in again. Also, as mentioned in my original thread, this doesn't happen in Firefox and Chrome, only IE. I assume it's browser specific. Should I be loading a view instead of redirecting? Here's my code: Code: /*** User controller *****/ |
Welcome Guest, Not a member yet? Register Sign In |