Dropped Sessions on Live Site

#1
[eluser]colinwee[/eluser]
I have a small ecommerce site built on CI 1.7.2 on a shared hosting environment. We've noticed that sometimes purchases are going through to our payment gateway without session or user details. Or at least with incomplete details. The often occurring error is when a transaction is replaced by UID=0 (the userid being '0'). Sometimes users have problems logging into the site. At other times, some purchases have been put through using system generated credit, where no credit was available to that user. I've copied some of the session preferences from config.php below. What do you think I need to do to resolve this issue?

Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
|--------------------------------------------------------------------------
| Base Site URL
|--------------------------------------------------------------------------
|
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
*/
$config['base_url'] = "http://www.MyCompany.com.au/";

/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean).  Whether to encrypt the cookie
| 'session_expiration'  = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
| 'time_to_update'  = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name']  = 'session';
$config['sess_expiration']  = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name']  = 'ci_sessions';
$config['sess_match_ip']  = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

/*
|--------------------------------------------------------------------------
| Time Settings
|--------------------------------------------------------------------------
*/
date_default_timezone_set('Australia/Perth');


/*
|--------------------------------------------------------------------------
| Index File
|--------------------------------------------------------------------------
|
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = "";

/*
|--------------------------------------------------------------------------
| URI PROTOCOL
|--------------------------------------------------------------------------
|
| This item determines which server global should be used to retrieve the
| URI string.  The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO'   Default - auto detects
| 'PATH_INFO'  Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI'  Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = "AUTO";

/*
|--------------------------------------------------------------------------
| URL suffix
|--------------------------------------------------------------------------

| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://ellislab.com/codeigniter/user-guide/general/urls.html
*/

$config['url_suffix'] = "";

/*
|--------------------------------------------------------------------------
| Default Language
|--------------------------------------------------------------------------
|
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = "english";

/*
|--------------------------------------------------------------------------
| Default Character Set
|--------------------------------------------------------------------------
|
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = "UTF-8";

/*
|--------------------------------------------------------------------------
| Enable/Disable System Hooks
|--------------------------------------------------------------------------
|
| If you would like to use the "hooks" feature you must enable it by
| setting this variable to TRUE (boolean).  See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;


/*
|--------------------------------------------------------------------------
| Class Extension Prefix
|--------------------------------------------------------------------------
|
| This item allows you to set the filename/classname prefix when extending
| native libraries.  For more information please see the user guide:
|
| http://ellislab.com/codeigniter/user-guide/general/core_classes.html
| http://ellislab.com/codeigniter/user-guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';


/*
|--------------------------------------------------------------------------
| Allowed URL Characters
|--------------------------------------------------------------------------
|
| This lets you specify with a regular expression which characters are permitted
| within your URLs.  When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';

#2
[eluser]colinwee[/eluser]
We thought this was a session drop issue, but unfortunately no one responded to my thread.

I took the initiative to drop in on the CI IRC channel, and was very happy to chat with n0xio who didn't think it was a session drop issue at all.

He suggested one small fix, and our problems have not recurred at all in over a week!

I am extremely grateful for his time, and expertise.

Colin

#3
[eluser]kgolding[/eluser]
What was this small fix please?

#4
[eluser]colinwee[/eluser]
It was the cookie expiration time in config.php. We increased it from 2 hours to 24 hours.

The UID=0 problem seems to have abated. There are still other issues that are somewhat concerning (transactions going through on credit where user doesn't have any credit), but this was a nice and simple fix.

Colin

#5
[eluser]kgolding[/eluser]
Thank you.

#6
[eluser]skunkbad[/eluser]
I don't know if it is the case here, but I've worked on projects where the user was on the other side of the world. Their timezone was so far away from the server timezone that the cookie instantly expired. It sounds like that may be the case here. If you can detect the user's timezone then you may be able to set a custom expiration date, but I've done just as you have, which is to set the cookie expiration out to XX hours.

#7
[eluser]colinwee[/eluser]
Yeah - unfortunately, this problem occurred again at the beginning of this week. So while the cookie expiration time significantly reduced the incidence of the problem, it didn't totally resolve it.

Colin
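
Whatever causes the session to go missing, the two symptoms reported in this thread (orders recorded with UID=0, and purchases on credit the user does not have) can be stopped at the checkout step by failing closed. The following is an added example, not code from the thread or from CodeIgniter; the function name, the `user_id` session key, the order fields and the credit lookup are all hypothetical.

```php
<?php
// Added example: fail-closed checkout guard. All names are hypothetical.
// $session       : values read from the session, e.g.
//                  array('user_id' => $this->session->userdata('user_id'))
// $order         : array('amount' => float, 'method' => 'card' or 'credit')
// $credit_lookup : callable returning the user's current balance from the database
function checkout_guard(array $session, array $order, $credit_lookup)
{
    // A dropped or expired session gives a missing/FALSE user id, which casts
    // to 0. Anything that is not a positive integer counts as "not logged in".
    $uid = isset($session['user_id']) ? $session['user_id'] : FALSE;
    if ( ! is_numeric($uid) || (int) $uid <= 0) {
        return array('allow' => FALSE, 'reason' => 'no_authenticated_user');
    }
    $uid = (int) $uid;

    $amount = isset($order['amount']) ? (float) $order['amount'] : 0.0;
    if ($amount <= 0) {
        return array('allow' => FALSE, 'reason' => 'invalid_amount');
    }

    // Never rely on a credit figure carried in the session or the form:
    // re-read the balance server-side at the moment of purchase.
    if (isset($order['method']) && $order['method'] === 'credit') {
        $balance = (float) call_user_func($credit_lookup, $uid);
        if ($balance < $amount) {
            return array('allow' => FALSE, 'reason' => 'insufficient_credit');
        }
    }

    return array('allow' => TRUE, 'reason' => 'ok', 'uid' => $uid);
}

// Constructed sample data: user 42 has 10.00 credit, nobody else has any.
$balances = array(42 => 10.00);
$lookup = function ($uid) use ($balances) {
    return isset($balances[$uid]) ? $balances[$uid] : 0.0;
};

$cases = array(
    array(array('user_id' => FALSE), array('amount' => 25.0, 'method' => 'card')),
    array(array('user_id' => 42), array('amount' => 25.0, 'method' => 'credit')),
    array(array('user_id' => 42), array('amount' => 5.0, 'method' => 'credit')),
);
foreach ($cases as $c) {
    $result = checkout_guard($c[0], $c[1], $lookup);
    echo $result['reason'], "\n";
}
```

Logging every `no_authenticated_user` rejection with the request time and session id gives a record of how often the session is actually missing at checkout, which the thread never established.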

