Session data disappearing on redirect
#1

[eluser]pornnarnold[/eluser]
I've got a rather serious problem with CI session data disappearing.
If I set userdata on one page, I can echo it out on the same page after I've set it no problem.
If I redirect to another page or if I just physically type in the address, the session data can no longer be called.

This was all working perfectly on our previous server. We've just moved to a new server and it no longer works.
I've tried it with or without the database, I've tried with and without encrypted cookies.
I've looked at the php server configuration and I can't see anything that I expect could be causing it but it must be a server configuration as I've used identical code on the old server for ages and never had a problem with it.

Interestingly, I've got sites using CI 1.7.2 using the exact same code and they work fine on the new server. The ones that seem to not work are using 2.0.2.

Here's the session config at the moment:

Code:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close']    = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']    = 300;

Records are being created in the database for the sessions.

Here's some test code from my home controller:

Code:
public function test()
{
    $this->session->set_userdata('test', 'test');

    redirect('home/test2');
}

public function test2()
{
    echo $this->session->userdata('test');
}

If I load 'test' it redirects to 'test2' but does not display any data. If I turn off the redirect and echo the session userdata it displays 'test'.

Here is a snapshot of the 'session' module from my phpinfo.
As far as I can see it is identical to the previous server where it worked.

Code:
session

Session Support    enabled
Registered save handlers    files user
Registered serializer handlers    php php_binary wddx

Directive    Local Value    Master Value
session.auto_start    Off    Off
session.bug_compat_42    Off    Off
session.bug_compat_warn    On    On
session.cache_expire    180    180
session.cache_limiter    nocache    nocache
session.cookie_domain    no value    no value
session.cookie_httponly    Off    Off
session.cookie_lifetime    0    0
session.cookie_path    /    /
session.cookie_secure    Off    Off
session.entropy_file    no value    no value
session.entropy_length    0    0
session.gc_divisor    1000    1000
session.gc_maxlifetime    1440    1440
session.gc_probability    1    1
session.hash_bits_per_character    5    5
session.hash_function    0    0
session.name    PHPSESSID    PHPSESSID
session.referer_check    no value    no value
session.save_handler    files    files
session.save_path    /var/lib/php/session    /var/lib/php/session
session.serialize_handler    php    php
session.use_cookies    On    On
session.use_only_cookies    Off    Off
session.use_trans_sid    0    0

Here is the structure of my session table:

Code:
CREATE TABLE `ci_sessions` (
  `session_id` varchar(255) NOT NULL DEFAULT '0',
  `ip_address` varchar(255) NOT NULL DEFAULT '0',
  `user_agent` varchar(255) NOT NULL,
  `last_activity` int(10) unsigned NOT NULL DEFAULT '0',
  `user_data` text NOT NULL,
  PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

I increased the varchar limit to 255 for all fields just to make sure.

I load the session library in autoload.php.

I've checked the server time and it is currently correct.

I've tried this in Chrome, Firefox and IE and it works in none of them.

We're on PHP Version 5.3.6.

I've got full error reporting on and no errors are raised at any point.

Has anyone got any idea what could be different on the new server compared to the old server?
#2

[eluser]pornnarnold[/eluser]
I've been playing around with this and I've found that the cookie is being set and I can see the stored 'serialized' test data in the cookie array.
It is still not being returned by the session->userdata() function though.

Interestingly, if I print_r $this->session->all_userdata(), it tells me that the user_agent is "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) App". When I dump the $_SERVER array, my http_user_agent is "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.112 Safari/534.30".
So the user_agent part of the session data is being truncated.

Does anyone know if this is a feature of the session library or an error?

Edit: Looking through the session library, it does indeed limit the user_agent to 50 characters
#3

[eluser]pornnarnold[/eluser]
I think I've made a breakthrough!

When I print_r $this->session->all_userdata(), the session_id is different on every page load.

I tested the same code on one of the sites running the older version of CI and the session_id does not change with each page load.
I now just need to work out why the session_id keeps changing and I think I'll have the problem solved.
#4

[eluser]pornnarnold[/eluser]
Further progress, I've been debugging the Session library and I found that an error was causing sess_read to fail.

The log error was: 'The session cookie data did not match what was expected. This could be a possible hacking attempt.'

What I've found from my hacking is that the cookie function of the input class is adding in slashes to the cookie data. As an example:

Code:
a:5:{s:10:\"session_id\";s:32:\"f322bbbc2aefde3ebf9e04e106f85ccc\";s:10:\"ip_address\";s:13:\"xx.xxx.xxx.xx\";s:10:\"user_agent\";s:50:\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) App\";s:13:\"last_activity\";i:1310311640;s:4:\"test\";s:4:\"test\";}

I've tried setting the cookie to encrypt which would bypass this validation check function but that made no difference, so the issue must run deeper than just this but I feel like I'm making progress.

Does anyone know why the $this->input->cookie() function would be adding in or not removing slashes?
#5

[eluser]InsiteFX[/eluser]
If you look at the bottom of the session library you will see that _serialize and _unserialize methods are adding and removing the slashes!

The array you are looking at is a serialized array.

InsiteFX
#6

[eluser]pornnarnold[/eluser]
Yep, I had a look through those but I can't work out why the slashes aren't being stripped.
If I echo the same data in one of the sites where my sessions work I see the same data but without the slashes.

Edit: I tried just adding echo serialize($data); before the return of _serialize and it gives me the serialized array but without slashes.
It's definitely something in the Input library affecting the cookie returned.
#7

[eluser]pornnarnold[/eluser]
Right, I haven't found the cause, but I've created a solution.

If I add in this line to line 139 of /system/libraries/Session.php:

Code:
$session = stripslashes($session);

Now my sessions work!

I'm going to keep trying to find out why this behaviour is occurring but for now, I'm just happy that I can put this temporary hack in so that my clients' sites will work.

I would love someone higher up to take a look at this and look into a solution because there appear to be a lot of people on this forum having issues with the Session library.
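
The failure mode traced in posts #4 to #7, as an added example that is not part of the original thread and is not CodeIgniter's Session library code: a cookie whose integrity check covers the serialized payload is rejected as soon as backslashes are added in transit, so every request starts a new session. The HMAC-SHA256 suffix scheme, the `KEY` constant, the function names and the sample session values are assumptions made for illustration.

```php
<?php
// Added illustration; not CodeIgniter's Session library code.
// Assumed scheme: cookie = serialized payload + HMAC-SHA256 hex digest.
const KEY = 'constructed-demo-key'; // placeholder secret

function make_cookie(array $data): string
{
    $payload = serialize($data);
    return $payload . hash_hmac('sha256', $payload, KEY);
}

// Returns the session array, or false when the cookie must be rejected.
function read_cookie(string $cookie)
{
    if (strlen($cookie) <= 64) {
        return false;
    }
    $payload = substr($cookie, 0, -64);
    $mac     = substr($cookie, -64);
    // Constant-time comparison; any byte changed in transit fails here.
    if (!hash_equals(hash_hmac('sha256', $payload, KEY), $mac)) {
        return false; // the "did not match what was expected" case
    }
    // Array payloads only; never instantiate objects from cookie data.
    $data = unserialize($payload, ['allowed_classes' => false]);
    return is_array($data) ? $data : false;
}

// Constructed sample session, modelled on the dump in post #4.
$sent = make_cookie([
    'session_id' => 'f322bbbc2aefde3ebf9e04e106f85ccc',
    'user_agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) App',
    'test'       => 'test',
]);

// Simulate what the thread observed: quotes arrive backslash-escaped.
$received = addslashes($sent);

var_dump(read_cookie($sent) !== false);                   // cookie as sent
var_dump(read_cookie($received) !== false);               // cookie with added slashes
var_dump(read_cookie(stripslashes($received)) !== false); // after the stripslashes() workaround
var_dump(@unserialize(substr($received, 0, -64)));        // the parser alone also rejects the slashed payload
```

Running this against a cookie captured on the affected server shows whether the bytes were altered before the application saw them, which separates a transport or server-configuration change from actual tampering.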
#8

[eluser]Unknown[/eluser]
I have the same problem (without using a database). I figured I would try some totally random stuff, I changed this in config.php and voila it works.
Code:
// $config['sess_encrypt_cookie'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
If I haven't missed something this surely seems to be a bug, and is probably related to your bug.

EDIT: misspelling on 'cookie'.
#9

[eluser]pornnarnold[/eluser]
I did try changing that one but it made no difference to my sessions unfortunately.
#10

[eluser]CodeIgniteMe[/eluser]
The reason why the slashes aren't appearing on your output is because php is 'escaping' the quotations of the data so that the quotations are safely saved into the database.

Anyway, did you check the database to see if the session was really set?
And did the data show up when you did a print_r $this->session->all_userdata()?