• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
session library bug?

#1
[eluser]kaff[/eluser]
Is there still a session library bug in 1.5.4?
I am having the following troubles:
I have recently added FreakAuth to my application which has forced me to store session data in a db table.
Since this change every time I click a link or refresh from my site, a new session is created, dumping my session data.
The symptoms are actually very similar to this guy and this guy. Another similarity is that we are both using suse 10.2 + firefox. However this error is said to be caused by having match user agent set to true in the config file and storing the session data in the db. And as you can see from the piece of my config file below, I am not matching the user agent.
Code:
$config['sess_cookie_name']     = 'cookiename';

$config['sess_expiration']      = 7200;

// true is better for security reasons
$config['sess_encrypt_cookie']  = TRUE;

// DB_session (that FAL uses) needs to use the database
$config['sess_use_database']    = TRUE;

$config['sess_table_name']      = 'ci_sessions';

// those settings will improve security but are sometimes too restrictive
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = FALSE;

So do I have a different problem / encountered a different bug?
Does anyone else have this problem With a similar setup to my own?
Has this already been resolved in another thread and I've just made a stupid post?
Does anyone have a possible solution?

I'm using CI 1.5.4 and FAL 1.1 on Suse 10.2 + firefox with php 5

#2
[eluser]CI miller[/eluser]
Firefox as well as IE have problems with localhost cookies. If you are working localy use 127.0.0.1 instead.
I use Opera and I don't have a problem but when I need to test in FF or IE the sessions don't work until I remember to switch from localhost to 127.0.0.1. Maybe that's your problem too

#3
[eluser]Michael Wales[/eluser]
When working on localhost, ensure the following settings in config.php. Plus, I've never had an issue with using localhost (as oppposed to 127.0.0.1):

Code:
$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']        = "/";

#4
[eluser]kaff[/eluser]
Thanks for the response guys. I appreciate it.
Unfortunately I'm still having the problem.
My config.php is as you said walesmd.
Also I'm using an ip (not localhost) and I have the same problem in opera which says to me that I do not have the problem you mentioned CI miller.

I think that I have narrowed the problem down to FreakAuth though. I dumped my site in a new installation of CI with sess_use_database set to true and it works fine. I did the same thing with a FreakAuth enabled CI installation and the problem is still there. Strangely FreakAuth does not seem to suffer from the same problems. It's only when I add data to the session variable in my own code and then refresh the page (or go to another page in my front controller) that a new session is created and my data in the session variable lost.
The session db table shows that new session id's are being created. Sometimes its an extra 3 or 4! But only in my code. The same code works fine when FreakAuth is not present.

Does anyone know why FreakAuth has broken my code?

#5
[eluser]ballen[/eluser]
Doesn't FreakAuth use the DBSession library, not the default CI? Maybe your problem is something to do with that :-S

#6
[eluser]kaff[/eluser]
Sounds like you're onto something there. It seems FAL does use DBSession.
This could have been a useful piece of information to have in the FreakAuth documentation.
But can't the two libraries work side by side? I dont really see why not. But then I don't really know much about DBSession.
So I suppose I have to go through my application and change every reference to the default ci session library?! That's going to be a headache. If anyone can confirm that this is necessary before I do it that would be great.

I won't be able to do this for a few days because my week is officially over, but when I've sorted it out I'll post if it fixed my problem. (And also recommend to the FreakAuth ppl that an addition be made to their documentation)

Thanks for your help, it's appreciated.

#7
[eluser]kaff[/eluser]
Changed everything to db_session and it works fine.

Thanks for the help.

#8
[eluser]Grahack[/eluser]
[quote author="kaff" date="1190900798"]
This could have been a useful piece of information to have in the FreakAuth documentation.[/quote]

We'll try to be clearer in the next release...
Thanks pointing the issue.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.