Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Cookie management
Cookie management
  • El Forum
    Guest
  •  
#1
03-23-2012, 06:18 AM

[eluser]John Murowaniecki[/eluser]
Today we've received a feedback from a client relating an issue about admin login..

..Well, the system is very simple:
- first we create some session tokens and use them as field names on our login form;
- then if you load the page you'll have your tokens saved on your session and these
are the same that we've created before - they aren't change (except if you load the
login form again);
- we have basicly two methods on this controller: login() and auth().
Login: generate tokens and displays the form.
Auth : retrieve form posting and perform the user authentication based on the
previously generated tokens on login()

..Well, this is my code isn't important..
Code:
$j_code = $is_working = TRUE;

..And everything is working fine except the session: they're not setting tokens (for sure: my table `ci_sessions.user_data` is empty). So we run to my firebird resource inspector to see my cookies and they exist, but the user_data is also empty.

So this is the question: What is happening here?

The cookie exists, the session is setted but the user_data is empty.

Our config.php has this configuration..
Code:
$config['cookie_domain'] = "$_SERVER[SERVER_NAME]";
..So we did change to and empty string and everything works fine again - the firebug tells the correct cookie domain and the user_data is there.

..And this is the main question: Why? 'cos we don't know.
  • El Forum
    Guest
  •  
#2
03-23-2012, 08:50 AM

[eluser]InsiteFX[/eluser]
So using setcookie() with a domain value of www.example.com is not correct if www is a host name.
If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.

  • El Forum
    Guest
  •  
#3
03-26-2012, 01:24 PM

[eluser]John Murowaniecki[/eluser]
[quote author="InsiteFX" date="1332517852"]..If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.[/quote]

..Dude, I didn't understand: if I have only one application on my domain and set the $config['domain_name'] to my domain isn't the same that set to an empty string? Both made a cookie with the correct domain.

..But I'm not sure about those configurations - and I need to read more about good pratices with cookies and security ('cos I think this isn't a secure way).
  • El Forum
    Guest
  •  
#4
03-26-2012, 02:06 PM

[eluser]InsiteFX[/eluser]
And my name is not Dude!

Then go to your ./application/config/config.php and set the cookie encryption item!
  • El Forum
    Guest
  •  
#5
03-27-2012, 02:07 PM

[eluser]John Murowaniecki[/eluser]
..Sorry, Sir. :cheese:

Well.. I must study how best to improve the management of my cookies on codeigniter. Whatever, though to be functioning properly I believe it has something unusual .. And it's not paranoia.

But thank you for your help.
  • El Forum
    Guest
  •  
#6
06-12-2012, 08:43 PM

[eluser]kichik[/eluser]
Hi my session not work with firebird database... User_data not write. I installed database driver Carlos. When i open my web page session created, after write login and password, and last send user_data logged = TRUE; but after f5, my user_data erased...
  • El Forum
    Guest
  •  
#7
06-13-2012, 03:38 AM

[eluser]InsiteFX[/eluser]
Check to see if it is updating the ci_session table in your database.
  • El Forum
    Guest
  •  
#8
06-13-2012, 03:48 AM

[eluser]kichik[/eluser]
After auth USER_DATA write in databse, but after f5 USER_DATA erased. Errors NOT displayed, logged, dumped.




Theme © iAndrew 2016 - Forum software by © MyBB