Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming CodeIgniter sessions expiring unexpectedly
CodeIgniter sessions expiring unexpectedly
  • El Forum
    Guest
  •  
#1
08-15-2011, 02:45 PM

[eluser]Panthr[/eluser]
I made a simple login mechanism for CodeIgniter using the session library. The session seems to randomly expire, kicking the user back to the login page. Here is my session config:

Code:
$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 60*60*24;
$config['sess_expire_on_close']    = TRUE;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']    = 300;

I haven't been able to reproduce the error, it seems to happen where ever and whenever it wants. I've been Googling, but haven't been able to find anybody with a problem similar to mine.
  • El Forum
    Guest
  •  
#2
08-15-2011, 03:19 PM

[eluser]jblack199[/eluser]
I left my sess_expiration @ 7200 personally, and in my code i check for time()-3600

Code:
function valid_admin()
    {
        if ($this->session->userdata('intime') == '' && $this->uri->segment(2) != "login" && $this->uri->segment(2) != "logout") {
            $login = "0";
            return $login;
        } else if ($this->session->userdata('intime') < time()-3600 && $this->uri->segment(2) != "login") {
            $this->session->sess_destroy();
            $login = "You have been idle for at least 3600 seconds, please login again.";
            $this->session->set_userdata('err', $login);
        } else {
            $query = $this->db
            ->where('email', $this->session->userdata('email'))
            ->where("password like binary '".$this->session->userdata('password')."'", NULL, FALSE)
            ->where('usergroup', '3')
            ->where('status', '1')
            ->get('users');
            $cnt = $query->num_rows();
            if ($cnt < 1) {
                $this->session->sess_destroy();
                $login = "There was a problem validating your credentials. Please login again";
            } else {
                foreach ($query->result() as $row){
                $this->session->set_userdata('email', $row->email);
                $this->session->set_userdata('password', $row->password);
                $this->session->set_userdata('fname', $row->firstname);
                $this->session->set_userdata('lname', $row->lastname);
                $this->session->set_userdata('usergroup', $row->usergroup);
                $this->session->set_userdata('status', $row->status);
                $this->session->set_userdata('intime', time());
                $this->session->set_userdata('logged_in', TRUE);            
            }
                $login = "1";
            }
        }
        return $login;
    }

Although i just noticed I missed a session set to produce an error... I have this in a model, i tried doing it in a helper but it didnt work...

so in every controller i run:

Code:
function __construct()
    {
        parent::__construct();
        $this->load->model('loginmodel');
        $valid = $this->loginmodel->valid_admin();
        if ($valid != 1){
            $this->data->session['err'] = $valid;
            redirect('adm/login/', 'refresh');
        }
    }

and so far it seems to work fine.. only difference is, you're using a database and im not.
  • El Forum
    Guest
  •  
#3
08-15-2011, 03:34 PM

[eluser]Panthr[/eluser]
Thank you for the reply, but that doesn't answer my question. CodeIgniter session's are magically disappearing. I'll explain my application a bit more in depth:

I have a simple single-user administration panel. Once the user logs on:

Code:
$this->session->set_userdata('admin', true);

(I hope CodeIgniter sessions w/ databases are secure enough to avoid forging this data)

Each page checks to make sure the user is logged in:

Code:
function _remap($method, $params = array()) {
        if(!$this->session->userdata('admin') && $method!='login') {
            redirect('/admin/login');
            exit;
        }
        $this->$method($params);
    }

Quite simple, and I would think very little room for error. However, the session seems to be disappearing, since the user will be booted back to the login page unexpectedly. There is no pattern I've noticed; no way to isolate the error.
  • El Forum
    Guest
  •  
#4
08-15-2011, 03:42 PM

[eluser]jblack199[/eluser]
I had similar issues constantly (outside of CI) before i took into account all the options available for needing to be redirected or not redirected and rewrote my valid_admin function to take everything into account it all seemed to work.. so perhaps its your _remap function that you need to look at (most definately is) and see whats happening and why its happening....

print_r($this->session); might provide some interesting information as to whats going on and why.

odds are its not actually 'expiring', there is just some other sort of issue causing it to do that.. ie: if _remap is in a helper i personally had issues running $this inside the helper causing it to not read my session at all.
  • El Forum
    Guest
  •  
#5
08-15-2011, 04:02 PM

[eluser]Panthr[/eluser]
Alright, I've added changed up the code:

Code:
4         function _remap($method, $params = array()) {
  6                 log_message('debug', 'Session: '.print_r($this->session->userdata, true));
  7
  8                 if(!$this->session->userdata('admin') && $method!='login') {
  9                         log_message('debug', 'Login redirect');
10                         redirect('/admin/login');
11                         exit;
12                 }
13                 $this->$method($params);
14         }

When it occurs again I'll go sniffing around the logs and see if what's going on.
  • El Forum
    Guest
  •  
#6
08-16-2011, 12:57 PM

[eluser]Matt Stein[/eluser]
I'm also having issues with CodeIgniter sessions just disappearing and am not sure how to best troubleshoot. I'm not using _remap like you guys, though.

Code:
$config['sess_cookie_name'] = 'app_name';
$config['sess_expiration'] = 28800; // 8 hours
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update'] = 900;

The expiration time doesn't seem to have any effect -- it's been set to 7200, 0, and now 28800 and the problem persists. (Tested each time for a period of about a week.)




Theme © iAndrew 2016 - Forum software by © MyBB