Welcome Guest, Not a member yet? Register   Sign In
Multiple session entries
#1

[eluser]Unknown[/eluser]
I saw another post similar to this but didn't want to hijack their thread.

I seem to be having a problem with multiple sessions being created for a few users.
When they hit my site it stores a session for them in the database. In the process of
them logging in it will create several more sessions for them and one of them will have
there session info (username, user_id, etc) saved as user_data in ci_sessions table.

My authentication required pages check for valid user info in the sessions table, but for this
user it never matches and redirects them back to the login page. Im assuming it's picking up
a new session for them and nothing is set.

I had the user go to a separate website that tests cookie storage and it seemed to work fine for them.

Is there anything else that would cause this behavior besides failing to set the cookie on their end?
Could there be something wrong with my site setting cookies? Or maybe im just doing something wrong?

Code:
$config['sess_cookie_name']        = 'foosession';
$config['sess_expiration']             = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']       = TRUE;
$config['sess_table_name']          = 'ci_sessions';
$config['sess_match_ip']               = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']    = 300;

$config['cookie_prefix']        = "";
$config['cookie_domain']        = "foodomain.com";
$config['cookie_path']          = "/";
$config['global_xss_filtering'] = TRUE;

// also have
$autoload['libraries'] = array('session','database');
I tried with sess_match_ip and sess_match_useragent set to FALSE also.
And my cookie_domain does match my domain. I just changed the name to protect the innocent Smile

Thanks,
-Zee
#2

[eluser]tomcode[/eluser]
what I can see :

Code:
// may cause multiple sessions for one visitor if set to true
$config['sess_match_ip']               = TRUE;

// allow all sub domains (www !) by prefixing with a point, else may cause multiple sessions for one visitor, are Your addresses clean w / wo www ?
$config['cookie_domain']        = ".foodomain.com";
#3

[eluser]Unknown[/eluser]
[quote author="tomcode" date="1294795570"]what I can see :

Code:
// may cause multiple sessions for one visitor if set to true
$config['sess_match_ip']               = TRUE;

// allow all sub domains (www !) by prefixing with a point, else may cause multiple sessions for one visitor, are Your addresses clean w / wo www ?
$config['cookie_domain']        = ".foodomain.com";
[/quote]

I originally had sess_match_ip set to FALSE and it would do the same thing. I thought maybe setting it to TRUE would help.
The users ip address is not changing though. I should probably set it back to FALSE.

I could try changing the cookie_domain to include the period prefix. I'm pretty sure the user is just going to the domain without www.
All my links do not have www in them. The login form also posts to the domain without www.
But if it won't hurt anything I can simple add the period any ways.
#4

[eluser]tomcode[/eluser]
Another thing to watch is sess_time_to_update :
it renews the session data, i.e. the session id is changed. This gave me some weird issues on ajax powered sites.
Sorry to be no more precise, can't recall the exact stuff. Got rid of it by refreshing the session with every page call, so far ...
#5

[eluser]pickupman[/eluser]
I had this same issue. I used WanWizard's session library he posted in the [url="http://ellislab.com/forums/viewreply/811009/"]forums[/url]. As pointed in this thread and the other is session rotation. During garbage collection some session are not updated, sometimes caused by concurrent requests.

After using his session library my issue went away.




Theme © iAndrew 2016 - Forum software by © MyBB