Problems with session surprised?

#1
[eluser]opterons[/eluser]
Ok, I have been looking at all the posts with users having problems with the session library now I will say I have had a couple snags here and there. Every thing seems to work out in the end. But now for the problem that I am currently having. I looked at the session library and I noticed that it does a series of checks to check to see if the session expires, weather the ip's match ect. ect. But when I changed my config['sess_expiration'] to 3 just to see what happens.

I first logged into my site (offline currently) counted to 3 and refreshed my site blam I'm logged out I'm thinking great it works nice! But when I did some checking I found that the client side session (cookie) was destroyed but not the server side (database). Further more checking I found that now since the expiration is set so low it is now bombarding the db with garbage from the sessions being logged in but not logged out (destroyed). Is it just me but am i the only one that has noticed this? here is some things that might help ya guys decipher my problem if you need something else just let me know.

Libraries>Session.php line 238:
Code:
else
            {
                $row = $query->row();
                if (($row->last_activity + $this->sess_length) < $this->now)
                {
                    $this->CI->db->where('session_id', $session['session_id']);
                    $this->CI->db->delete($this->session_table);
                    $this->sess_destroy();
                    return FALSE;
                }
            }
The above code is where i believe it is suppose to delete the row from the db but seems like it does not work.

Here is my config settings for session:
Code:
/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
*/

$config['sess_cookie_name']        = 'wz_session';
$config['sess_expiration']        = 3;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'wz_sessions';
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent']    = TRUE;

/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
*/

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "";
$config['cookie_path']        = "/";

Here is some technical info about the server the site is currently on for development:

OS: Linux
Apache vs: 2
PHP version: 5
MySQL version: 5

Any help or suggestions would be greatly appreciated.

-Bryan

#2
[eluser]Rick Jolly[/eluser]
Check out sess_gc() in the session library (it has the db garbage collection). It isn't run every time a session is destroyed since that would mean more database hits.

#3
[eluser]opterons[/eluser]
Thanks for the help, it worked out with your guidance.

Technical notes:
Code:
$config['sess_probability']     = 25; //must be a percentage 0 - 100 makes clearing the session more probable
I added this line of code to the session section so now i can configure how often i want ci to check that table for garbage then clear it.

Then i changed this line of code in root>system>libraries>session.php->function sess_gc()
from:
Code:
if ((rand() % 100) < $this->gc_probability)//line roughly 389
to:
Code:
if ((rand() % $this->CI->config->item('sess_probability')) < $this->gc_probability)

Now this option is configurable via system>application>config>config.php Smile.

-Bryan

#4
[eluser]mrbinky3000[/eluser]
FACT: CodeIgniter's Session Class is NOT RELIABLE.

CI's session class uses cookies. The cookies they write are standards-compliant, but don't work with IE. So, the problem is with CI's refusal to work around IE's non-standards-compliant handling of cookies. Meanwhile, the rest of us have to suffer because of CI's refusal to get off their high-horse and make something that works in the REAL WORLD.

Check out this thread for a working solution.
http://ellislab.com/forums/viewthread/130577/#669025

Also in the wiki.
http://codeigniter.com/wiki/Dariusz_Debo...ion_Class/

Please contribute to Dariusz Debowczyk's Session Class. My hope is that enough of us can get together and make a session class that works.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.