• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Problems with Encrypted CI Session

I set the following flashdata:

$this->session->set_flashdata('my_data', $my_data);

Then, on the next page, I am able to access it via:

var_dump ($this->session->flashdata('my_data'));

However, when I enable encryption, all I get from the var_dump is a false. This makes the session data useless, of course. What is going on? How am I supposed to access encrypted session data?

Have you set an encryption key in config.php?

| Encryption Key
| If you use the Encryption class or the Session class you
| MUST set an encryption key.  See the user guide for info.
$config['encryption_key'] = '';

No. I went ahead and set the encryption key, but still getting the exact same results. Any other ideas?

Are you using cookie-only sessions? And if so, are you storing a lot of data?

Cookies have a maximum size of 4Kb. If you encrypt the data, the data increases in size. If it exceeds 4Kb, the cookie gets truncated, which means it can't be decrypted anymore, and all data is lost.

At this point, I am only storing one variable: a database id (e.g. "1"). Any other ideas @WanWizard?

Failing a more elegant solution, you could use:
$this->session->set_userdata('my_data', $my_data)
and then retrieve it on the next page and then unset it immediately (which is essentially what flash data does):
$retrieved_data = $this->session->userdata('my_data');

@matt.asbury: I suppose that could be the fallback solution. I'm more inclined to think that I am doing something wrong than to believe this is a bug in CI. Have you ever used flashdata?

I have but never through SSL. I would assume as long as your are not performing an interim redirect between pages then you shouldn't have issues. If you are using a redirect, e.g.

page1 (set flashdata)
page2 (check some value and redirect)
page3 (retrieve flashdata fails because of the redirect)

then of course this will fail but you can counteract this using:
at the page2 stage just before the redirect.

Remember a redirect would include switching from http:// to https://

Doh! That's it.

I am using flashdata to store validation errors. On submit, I have a method that runs the validation, then on failure does this:

header('Location: ' . base_url() . 'index.php/frontend/signup/');

Thus, when the page is loaded again, I no longer get the flashdata. Makes sense. Your suggestion to use keep_flashdata worked, too. Thanks.

Now, I am wondering: what is the proper way to load the same page when validation error occurs? I'm guessing my header redirect approach is not the "proper" way, though it works.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.