Finding the suitable way to store CI session
#1

[eluser]Unknown[/eluser]
There are problems with storing sessions either locally or in the database when using CI.

For the develop branch, CI provides two ways to store sessions: session_cookie (database) and session_native (local).

Since my website is ready for clustering, the session cannot be stored locally. I tried to use a network drive (NFS), but the result seems very bad; the website will sometimes hang.

Before using the network drive, I tried to store sessions in the database by using session cookie. However, CodeIgniter uses session rotation by default for security reasons. Since my website always uses Ajax, the session gets destroyed when a race condition between connections results in mismatched session IDs, and the system kicks the logged-in user out. I found no way to switch off session rotation; even though I tuned $config['sess_time_to_update'] to a larger value, the problem still persists.

Any solutions for storing sessions?
#2

[eluser]noideawhattotypehere[/eluser]
./application/libraries/MY_Session.php
Code:
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class MY_Session extends CI_Session
{

    // Skip the session update (ID rotation) on AJAX requests; all other requests update as usual.
    function sess_update()
    {
        if ( !IS_AJAX )
        {
            parent::sess_update();
        }
    }

}

./application/config/constants.php
Code:
// True when the request carries X-Requested-With: XMLHttpRequest (a header set by the client).
define('IS_AJAX', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');
#3

[eluser]Otemu[/eluser]
Hi,

An updated version of the one from noideawhattotypehere; you only need this:

Code:
<?php
class MY_Session extends CI_Session {

    /**
     * Update an existing session
     *
     * @access    public
     * @return    void
    */
    function sess_update() {
       // skip the session update if this is an AJAX call! This is a bug in CI; see:
       // https://github.com/EllisLab/CodeIgniter/issues/154
       // http://codeigniter.com/forums/viewthread/102456/P15
       if ( !($this->CI->input->is_ajax_request()) ) {
           parent::sess_update();
       }
    }
}

Taken from https://github.com/EllisLab/CodeIgniter/issues/154
#4

[eluser]jonez[/eluser]
[quote author="ben.nsng" date="1383708860"]For develop branch, CI provides two ways to store session, session_cookie (database) and session_native (local).[/quote]
Both posts above are fixes for version 2.x, not version 3 (dev branch). The session library is now a driver, so neither of those will work. Not touching the session if the call is done via AJAX isn't really a fix; all it does is delay the inevitable and create additional security concerns.

As you mentioned, in CI3 the AJAX bug still exists in the cookie/DB session drivers. It is not present in the native PHP session driver; using the native driver will correctly keep a user signed in as long as they make AJAX calls.

That leaves you with two options: find a way to make native sessions work in your cluster, or see if you can fix the long-standing bug in the cookie driver. I'd lean towards option #1 since the AJAX session bug has been present for a long time and I assume if it was an easy fix it would have been done long ago.
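
Added example, not part of any post in this thread and not CodeIgniter code: a self-contained PHP 8 model of the rotation race described in post #1, where two AJAX requests leave the browser with the same session ID and the first one rotates it. `RotatingStore`, `demo()`, the timestamps and the grace-window handling are hypothetical and constructed for illustration; the grace window is one assumed way to tolerate in-flight requests while still rotating on every request type.

```php
<?php
// Constructed model of a database-backed session store that rotates IDs.
// RotatingStore and demo() are hypothetical names, not CodeIgniter's API.
final class RotatingStore
{
    private array $rows = [];     // live id    => ['user' => string, 'last' => int]
    private array $retired = [];  // rotated id => ['new' => string, 'until' => int]

    public function __construct(private int $ttu, private int $grace) {}

    public function create(string $user, int $now): string
    {
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['user' => $user, 'last' => $now];
        return $id;
    }

    // Returns [user, id to set in the response cookie], or null if rejected.
    public function request(string $id, int $now): ?array
    {
        if (!isset($this->rows[$id])) {
            $old = $this->retired[$id] ?? null;
            if ($old === null || $now >= $old['until'] || !isset($this->rows[$old['new']])) {
                return null;                  // unknown or expired id: user is logged out
            }
            $id = $old['new'];                // in-flight request still carrying the previous id
        }
        if ($now - $this->rows[$id]['last'] >= $this->ttu) {
            $new = bin2hex(random_bytes(16)); // rotate, retiring the old id for $grace seconds
            $this->rows[$new] = ['user' => $this->rows[$id]['user'], 'last' => $now];
            $this->retired[$id] = ['new' => $new, 'until' => $now + $this->grace];
            unset($this->rows[$id]);
            $id = $new;
        }
        return [$this->rows[$id]['user'], $id];
    }
}

function demo(int $grace): array
{
    $store  = new RotatingStore(300, $grace);
    $cookie = $store->create('alice', 0);
    $first  = $store->request($cookie, 301);  // AJAX call 1 triggers rotation
    $second = $store->request($cookie, 301);  // AJAX call 2 was sent with the same cookie
    $replay = $store->request($cookie, 400);  // old id presented long after rotation
    return ['first' => $first !== null, 'second' => $second !== null, 'replay' => $replay !== null];
}

var_dump(demo(0), demo(5));
```

With a grace of 0 the second call is rejected, which is the logout described in post #1; with a grace of 5 seconds it is accepted, at the cost of the retired ID remaining usable for that window.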



