Session creates new session id on every page load

[eluser]jonghahwang[/eluser]

Code:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

Thanks for the tip. It works.
Now the session_id can be found and no more new session_id.
Your agent can be longer than 50 depends on browser.

[eluser]InsiteFX[/eluser]
The session library truncates it to 120 characters!

See the ./application/libraries/session.php

[eluser]jonghahwang[/eluser]
I checked and you right it does substring 120, which make sense because database column length is 120.
so even if user agent is longer than 120, it won't be problem for database and session.
My problem was that since the column length was 50, even if session truncate upto 120,
it won't matter, because database truncate upto 50.
Thus session class can't find my session id when config sess_match_useragent=TRUE is set.
So either I had to set it FALSE or change ci_session table structure.

[eluser]theseamusjames[/eluser]
Having the new session on every page problem after upgrading from 1.7 to 2.0.3.

I've tried everything in the thread (in many combinations).

Current settings:

Code:

$config['base_url'] = "http://localhost/";

$config['sess_cookie_name']  = 'cisession';
$config['sess_expiration']  = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name']  = 'ci_sessions';
$config['sess_match_ip']  = TRUE;               //Also tried FALSE
$config['sess_match_useragent'] = FALSE;       //Also tried TRUE, and tried both combinations of these
$config['sess_time_to_update']  = 300;


$config['cookie_prefix'] = "";
$config['cookie_domain'] = "127.0.0.1";     //We do need
$config['cookie_path']  = "/";
$config['cookie_secure'] = FALSE;

Also loaded the new ci_sessions schema with the revised user_agent length. Still no go.
Any ideas?

** Edit: It can't find the cookie, even though the expiration (at the point of setting the cookie - checked it) is 63,072,000 seconds from now. **

**Edit again: Working now. I'm not sure, but I think it didn't like my encryption key. **

[eluser]ccontreras[/eluser]
[quote author="niranjnn01" date="1323483005"]I solved the problem too, and the world suddenly seems to be a better place to live in!!!


I tired all the above said ways to solve, But no single solution solved my problem. a number of them did.

I noticed that the session was destroyed at the following part of the session library

Code:

// Decrypt the cookie data
  if ($this->sess_encrypt_cookie == TRUE)
  {
   $session = $this->CI->encrypt->decode($session);
  }
  else
  {
   // encryption was not used, so we need to check the md5 hash
   $hash  = substr($session, strlen($session)-32); // get last 32 chars
   $session = substr($session, 0, strlen($session)-32);

   // Does the md5 hash match?  This is to prevent manipulation of session data in userspace
   if ($hash !==  md5($session.$this->encryption_key))
   {
    log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
    $this->sess_destroy();
    return FALSE;
   }
  }

so i used this in the config

Code:

$config['sess_encrypt_cookie'] = TRUE;
$config['cookie_domain'] = "mydomainname.com"; // IMPORTANT!! - DID NOT WORK WITHOUT THIS BEING SET - FOR ME

Strangely enough, the code was working perfectly well without any of these problems/fixes in my local(wamp in windows 7). My server is Linux.


Thank you everyone who contributed!![/quote]

Thanks bro, this worked pretty good for me!!!

[eluser]Ivoo[/eluser]
I am still struggling with this. Hope someone can point me towards an explanation.

1. Am I supposed to you either sessions, or db_sessions? Or should I use them both at the same time?

(I currently have both and it looks like two cookies are sent to the browser. That does not feel right.)

2. The userdata[] of db_sessions does not include a user_id (while session's userdata[] does). Why not?

3. If I am supposed to work with db_sessions instead of sessions, how do I get rid of the latter?

[eluser]Unknown[/eluser]
Thanks for all the troubleshooting tips. Unfortunately, I haven't found the right one yet.

Here's my variation of the issue:

On my development server (MAMP), I had database sessions set up and running fine. When I moved to the company's testing server (IIS 6, PHP, MSSQL) things didn't work quite as well. A session record would be created when the user logged in (and all their session information would be set), then when they were redirected to the landing page, the server would create a new (empty) session for them and destroy the old one. I could then refresh the landing page and that same cookie would persist.

To narrow the potential issues, I set the config to the simplest setup, just storing info in cookies instead of using the database:

Code:

$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = '';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 300;

Here's the detailed information:
1.User arrives at the site, and is sent to the "auth" controller to log in. A session and cookie are created
2. User submits name and password to auth/validate_credentials. Per firebug, that cookie is sent back to the server. The server authenticates the user and sends a cookie in response with the same session id, but the new userdata added as well.
3. The user is then redirected to site/home, sending that same cookie back to the server. The server discards that cookie and responds with a new one (with new session_id, also losing all userdata).
4.If I refresh this page (manually preventing a redirect because the user is not logged in) the empty session is not overwritten.

I can see in the cookies that the expiration is fine, and host and path are correct.

What to try next?

[eluser]timpiele[/eluser]
I'm fighting the same problem.

CI Version 2.1.0

My application is running on a production server, Rackspace DVS (apache)...

When I browse to a new page I get a new session entry in the database. Here are my config settings:

Code:

$config['base_url'] = 'https://mydomain.be/';

Code:

$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration']  = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name']  = 'ci_sessions';
$config['sess_match_ip']  = TRUE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 300;

Code:

$config['cookie_prefix'] = "";
$config['cookie_domain'] = "mydomain.be";
$config['cookie_path']  = "/";
$config['cookie_secure'] = FALSE;

I have tried everything in this thread including the code to auto-set the base_url, setting match_ip and match_useragent to FALSE, setting sess_expiration to 7200 and 72000 and zero, I set the useragent database field to varchar 255...

the session library is autoloaded in config/autoload.php

any ideas?

[eluser]CroNiX[/eluser]
Not sure if it will help but try changing cookie_secure to TRUE (since you are using ssl)

encrypt_cookie should be TRUE if you are using database sessions, and in that case you also need to ensure your encryption key is also set.

[eluser]timpiele[/eluser]
My encryption key is set and I set both of those to TRUE but it still kicks out a new session row on page refresh.

Even if you just refresh the page you get a new row in the database.

How do I stack trace what's going on with the HTTP headers?