Problem with losing session and ajax request

[eluser]gloosemo[/eluser]
For some reason I havent yet tried to figure out my user sessions are often terminated after a short time, while someone is perusing a page for example.

If a user clicks a link and the session is expired i can successfully reroute them to login again, however if they make an ajax request on the current page without clicking a link the ajax request fails because they often depend on session variables.

In the php script that answers the ajax call i put in the following code at the top:

Code:

if ( ! $this->session->userdata('uUN') )
     redirect('signin', 'location');

this works if a user clicks a link, but it does not work properly for ajax calls. IF it's an ajax call, the redirect is made without actually changing the page. What i need is for the entire page to change if the session is terminated and an ajax call is made.

Help? thanks

[eluser]Iszuddin Ismail[/eluser]
When ajax call, you can try calling a the full domain URL instead of just referring to just folder location. I had problem with Ajax logins one time. It worked on my real server but not on my test server. The difference is that my real server is on TL-domain, while my test server is on sub-domain. I change the AJAX call to use full domain URL with "http://" and that solved it.

[eluser]gloosemo[/eluser]
What do you mean, use the full url in the Javascript request? or in the PHP reroute statement? I don't understand how that would make a difference, because it sounds like you just didnt have the correct path and then fixed it. I have the correct path the call is made as it should be, just the codeigniter reroute has no effect in ajax calls from what I can tell....

Any other ideas on this? Cmon it must be a common problem user deletes their cookies for example then tries to click something on the page...

HELP!

[eluser]CroNiX[/eluser]
If you search in the forum, this is a well-known problem with ci, sessions and ajax. The problem is the session is expiring during one of the ajax requests, so it issues a new id to prevent session fixation, but that causes a session problem obviously. There are workarounds, like extending the session library to not update the session id if the request is made with ajax. There are examples if you search.

Another problem could be that you have CSRF enabled, but aren't sending in the CSRF token along in your ajax request.

[eluser]Iszuddin Ismail[/eluser]
True story, man... it's not a wrong path because I do get a response from my Ajax. I am trying to help and all that you have to do is try this.

In my case, it's for login. When the login is correct user will see a brief "Welcome" before redirect to the dashboard. I see the "Welcome", got redirected but was kicked out again. It's the like the session failed to be written.

I had problem like this last year, but nobody helped me in my thread. But later I solved it myself...

http://ellislab.com/forums/viewthread/197803/

This works!

Code:

$.post(
        'http://publisher.some-domain.com/ajuser/login', ...

This DID NOT!

Code:

$.post(
        '/ajuser/login', ...

[eluser]gloosemo[/eluser]
Sorry Iszuddin if I sounded a little frustrated, I value your help I just did not understand what you are saying.

I read your other post (thanks for the link) and i will give that a shot, and let you know how to goes.

Also thanks other dude for the post I'll see if i can keep session variables from recycling during ajax by checking for other posts.

[eluser]Matt S.[/eluser]
Since AJAX calls are created on a separate HTTP request, it won't do anything to the user's current page if you call a PHP redirect within that request. You need to handle the redirect in javascript; you could do something like so:

In your PHP script that's catching invalid sessions:

Code:

if ( ! $this->session->userdata('uUN') )
{
    if($this->input->is_ajax_request())
        $this->output->set_output('{"redirect":"signin"}');
    else
        redirect('signin', 'location');
}

Then in a jQuery.ajaxSetup function, you could do something like this:

Code:

$.ajaxSetup({
   success: function(data) {
      
       var obj = jQuery.parseJSON(data);

       // may have to put additional checks to see if var obj
       // is an actual object & that it has a redirect value
       if(obj.redirect === "signin") {
            window(dot)location = "http://www.example.com/signin";
       }
   }
});

Not the most graceful way to handle things, but it gives you something to work with. Btw, replace (dot) with an actual period. I had to replace it so the XSS filter wouldn't block the text.

[eluser]InsiteFX[/eluser]

Code:

<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* Created by PhpDesigner7.
* User: Ray
* Date: 7/31/2011
* Time: 12:20:15 AM
* To change this template use File | Settings | File Templates.
*/

/**
* ------------------------------------------------------------------------
* CI Session Class Extension for AJAX calls.
* ------------------------------------------------------------------------
*
* ====- Save as application/libraries/MY_Session.php -====
*/

class MY_Session extends CI_Session {

    // --------------------------------------------------------------------

    /**
     * sess_update()
     *
     * Do not update an existing session on ajax or xajax calls
     *
     * @access    public
     * @return    void
     */
    public function sess_update()
    {
        $CI = get_instance();

        if ( ! $CI->input->is_ajax_request())
       {
           parent::sess_update();
       }
    }

    // --------------------------------------------------------------------

    /**
     * sess_destroy()
     *
     * Clear's out the user_data array on sess::destroy.
     *
     * @access    public
     * @return    void
     */
    public function sess_destroy()
    {
        $this->userdata = array();

        parent::sess_destroy();
    }

}

// ------------------------------------------------------------------------
/* End of file MY_Session.php */
/* Location: ./application/libraries/MY_Session.php */