Cookie management |
[eluser]John Murowaniecki[/eluser]
Today we've received a feedback from a client relating an issue about admin login.. ..Well, the system is very simple: - first we create some session tokens and use them as field names on our login form; - then if you load the page you'll have your tokens saved on your session and these are the same that we've created before - they aren't change (except if you load the login form again); - we have basicly two methods on this controller: login() and auth(). Login: generate tokens and displays the form. Auth : retrieve form posting and perform the user authentication based on the previously generated tokens on login() ..Well, this is my code isn't important.. Code: $j_code = $is_working = TRUE; ..And everything is working fine except the session: they're not setting tokens (for sure: my table `ci_sessions.user_data` is empty). So we run to my firebird resource inspector to see my cookies and they exist, but the user_data is also empty. So this is the question: What is happening here? The cookie exists, the session is setted but the user_data is empty. Our config.php has this configuration.. Code: $config['cookie_domain'] = "$_SERVER[SERVER_NAME]"; ..And this is the main question: Why? 'cos we don't know.
[eluser]InsiteFX[/eluser]
So using setcookie() with a domain value of www.example.com is not correct if www is a host name. If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.
[eluser]John Murowaniecki[/eluser]
[quote author="InsiteFX" date="1332517852"]..If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.[/quote] ..Dude, I didn't understand: if I have only one application on my domain and set the $config['domain_name'] to my domain isn't the same that set to an empty string? Both made a cookie with the correct domain. ..But I'm not sure about those configurations - and I need to read more about good pratices with cookies and security ('cos I think this isn't a secure way).
[eluser]InsiteFX[/eluser]
And my name is not Dude! Then go to your ./application/config/config.php and set the cookie encryption item!
[eluser]John Murowaniecki[/eluser]
..Sorry, Sir. :cheese: Well.. I must study how best to improve the management of my cookies on codeigniter. Whatever, though to be functioning properly I believe it has something unusual .. And it's not paranoia. But thank you for your help.
[eluser]kichik[/eluser]
Hi my session not work with firebird database... User_data not write. I installed database driver Carlos. When i open my web page session created, after write login and password, and last send user_data logged = TRUE; but after f5, my user_data erased...
[eluser]InsiteFX[/eluser]
Check to see if it is updating the ci_session table in your database.
[eluser]kichik[/eluser]
After auth USER_DATA write in databse, but after f5 USER_DATA erased. Errors NOT displayed, logged, dumped. |
Welcome Guest, Not a member yet? Register Sign In |