• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Cookie management

[eluser]John Murowaniecki[/eluser]
Today we've received a feedback from a client relating an issue about admin login..

..Well, the system is very simple:
- first we create some session tokens and use them as field names on our login form;
- then if you load the page you'll have your tokens saved on your session and these
are the same that we've created before - they aren't change (except if you load the
login form again);
- we have basicly two methods on this controller: login() and auth().
Login: generate tokens and displays the form.
Auth : retrieve form posting and perform the user authentication based on the
previously generated tokens on login()

..Well, this is my code isn't important..
$j_code = $is_working = TRUE;

..And everything is working fine except the session: they're not setting tokens (for sure: my table `ci_sessions.user_data` is empty). So we run to my firebird resource inspector to see my cookies and they exist, but the user_data is also empty.

So this is the question: What is happening here?

The cookie exists, the session is setted but the user_data is empty.

Our config.php has this configuration..
$config['cookie_domain'] = "$_SERVER[SERVER_NAME]";
..So we did change to and empty string and everything works fine again - the firebug tells the correct cookie domain and the user_data is there.

..And this is the main question: Why? 'cos we don't know.

So using setcookie() with a domain value of www.example.com is not correct if www is a host name.
If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.

[eluser]John Murowaniecki[/eluser]
[quote author="InsiteFX" date="1332517852"]..If you want to restrict the cookie to a single host, supply the domain parameter as an empty string.[/quote]

..Dude, I didn't understand: if I have only one application on my domain and set the $config['domain_name'] to my domain isn't the same that set to an empty string? Both made a cookie with the correct domain.

..But I'm not sure about those configurations - and I need to read more about good pratices with cookies and security ('cos I think this isn't a secure way).

And my name is not Dude!

Then go to your ./application/config/config.php and set the cookie encryption item!

[eluser]John Murowaniecki[/eluser]
..Sorry, Sir. :cheese:

Well.. I must study how best to improve the management of my cookies on codeigniter. Whatever, though to be functioning properly I believe it has something unusual .. And it's not paranoia.

But thank you for your help.

Hi my session not work with firebird database... User_data not write. I installed database driver Carlos. When i open my web page session created, after write login and password, and last send user_data logged = TRUE; but after f5, my user_data erased...

Check to see if it is updating the ci_session table in your database.

After auth USER_DATA write in databse, but after f5 USER_DATA erased. Errors NOT displayed, logged, dumped.

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.