Session cookie expiry based on local time
#1

[eluser]WanWizard[/eluser]
In the session class, the expiry of the session cookie is defined as current server time + the defined expiry.
The PHP function setcookie() is then used to create the cookie, which does a local time to GMT conversion.

Browsers however check the cookie expiry time against their local time, which can be different from the server time.

This poses an issue if there is more time between the server and the client than the defined expiration time. This causes the cookie to arrive at the browser with a time in the past, causing the cookie to expire immediately.

Solution, replace:
Code:
// Set the cookie
setcookie(
    $this->sess_cookie_name,
    $cookie_data,
    $this->sess_expiration + time(),
    $this->cookie_path,
    $this->cookie_domain,
    0
);

by

Code:
// Determine the expiration time
if ( $this->sess_expiration == 0 )
{
    // support end-of-session expiry too...
    $expiration = 0;
}
else
{
    $expiration = now() + $this->sess_expiration;
}

// Set the cookie manually to work around setcookie() local timestamp problem
header("Set-Cookie: ".$this->sess_cookie_name."=".$cookie_data."; path=".$this->cookie_path."; domain=".$this->cookie_domain."; expires=".($expiration==0?"0":(date("D, d-M-Y H:i:s",$expiration)." GMT")));
#2

[eluser]CJL01[/eluser]
I'm developing from the US onto a server located in the UK, so I was pleased to find your post tackling the IE cookie expiry problem I was struggling with.

When I replace the text in libraries/Session.php as suggested though, the cookie that I appear to be creating is malformed (too short), which means I'm creating a new ci_sessions entry each time I move to a new page and in turn losing my user data.

Any suggestions?

Cookie created with new code:

Code:
a:4:{s:10:"session_id"
#3

[eluser]WanWizard[/eluser]
Are you using database sessions or cookie sessions? I've only tested the first one, and haven't seen this issue so far.

Can you do a var_dump() of $cookie_data and post it here (via PM if you don't want it public) so I can have a look? Might be a few days though, I'm traveling at the moment...
#4

[eluser]CJL01[/eluser]
I'm using database sessions. I think I partially resolved this by urlencoding $cookie_data which forms the content correctly and allows the cookie to work correctly with the db... at least on Firefox. Here is the cookie I now see on Firefox:

Code:
a:4:{s:10:"session_id";s:32:"e11c2ac0e347bc7be184ef02ea41adb8";s:10:"ip_address";s:11:"70.34.79.36";s:10:"user_agent";s:50:"Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv";s:13:"last_activity";s:10:"1281964868";}6edae689ed89106fa2e4f5c64e9d6795

While this works perfectly on Firefox, the same site viewed with IE doesn't work - the cookie doesn't appear to be registered at all.
#5

[eluser]WanWizard[/eluser]
Maybe another difference: have you switched cookie encryption off?

I only use encrypted cookies, and that works fine with all browsers I have at my disposal here. I'll try some testing without encryption.

EDIT: that's the issue. To fix it, in _get_cookie_data(), encode the data if no encryption is used:
Code:
// if encryption is not used, we provide an md5 hash to prevent userside tampering
$cookie_data = rawurlencode($cookie_data).md5($cookie_data.$this->encryption_key);
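
Added example, not part of the thread or of CodeIgniter's own code: it shows why the hand-built header from post #1 produced the cut-off cookie in post #2 (a browser ends the cookie value at the first `;`, and serialized PHP data is full of them) and how the encoding from post #5 avoids it. The function names, key and payload are constructed for the illustration.

```php
<?php
// Added illustration: names, key and payload are constructed, not from CodeIgniter.

// Hand-built Set-Cookie header (post #1) with the value encoded as in post #5.
function build_session_cookie_header($name, $payload, $key, $lifetime, $path = '/')
{
    // Encoded payload followed by the thread's md5 tamper check (32 hex chars).
    $value  = rawurlencode($payload) . md5($payload . $key);
    $header = "Set-Cookie: {$name}={$value}; path={$path}";
    if ($lifetime > 0) {
        // gmdate() so the formatted time really is GMT; uses time(), not CI's now().
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', time() + $lifetime) . ' GMT';
    }
    return $header;
}

// What a browser stores as the value: everything between "name=" and the first ';'.
function browser_cookie_value($header)
{
    $pair = explode(';', substr($header, strlen('Set-Cookie: ')), 2)[0];
    return explode('=', $pair, 2)[1];
}

// Check on the raw (still encoded) value; PHP's $_COOKIE would already be decoded.
function verify_cookie($value, $key)
{
    $payload = rawurldecode(substr($value, 0, -32));
    // hash_equals() compares in constant time (PHP 5.6+).
    return hash_equals(md5($payload . $key), substr($value, -32)) ? $payload : false;
}

$key     = 'constructed-demo-key';
$payload = serialize(array(
    'session_id'    => str_repeat('a', 32),
    'last_activity' => 1281964868,
));

// Unencoded value written straight into the header: cut at the first ';'.
$broken = browser_cookie_value("Set-Cookie: ci_session={$payload}; path=/");
var_dump($broken);
var_dump(verify_cookie($broken, $key));

// Encoded value: survives the header intact and passes the tamper check.
$intact = browser_cookie_value(build_session_cookie_header('ci_session', $payload, $key, 7200));
var_dump(verify_cookie($intact, $key) === $payload);
```

The `md5($payload . $key)` check is kept because it is what the thread uses; `hash_hmac()` with SHA-256 is the standard keyed construction for this purpose.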



