I am using CI for a login and session management on a site. For some reason only on the production server, not the development stack, the session data is being altered.
These are abridged versions of my code:
PHP Code:
<?php
class User extends CI_Controller {
public function login() {
$this->form_validation->set_rules('username', 'Username', 'required|trim|max_length[16]|xss_clean');
$this->form_validation->set_rules('password', 'Password', 'required|trim|xss_clean');
if ($this->form_validation->run() == FALSE)
{
$data['site_title'] =$this->config->item('site_title');
$this->load->view('view_login');
}
else
{
extract($_POST);
$user = $this->Model_user->check_login($username, $password);
//the above model check_login function queries the database and,
//if a match, returns an array:
//$userdata = array (
// 'id' => $result->row(0)->id,
// 'first_name' => $result->row(0)->first_name,
// 'last_name' => $result->row(0)->last_name,
// 'email' => $result->row(0)->email,
// 'edit' => $result->row(0)->edit,
// 'logged_in' => 1;
// The array is being returned
if (!$user) {
// log-in failed
$data['site_title'] =$this->config->item('site_title');
$this->load->view('view_login', $data);
} else {
//log in success; proceed to session
$user['logged_in'] = TRUE;
$this->session->set_userdata($user);
//did debugging (see below) here
redirect('display');
}
}
}// login
//abridged version of Controller Display:
class Display extends CI_Controller {
public function index(){
//did debugging (see below) here
if ($this->session->userdata('logged_in')) {
redirect('display/movies');
} else {
$this->load->view('view_login');
}//if
}//index
To debug what is happening, I used the following at the above mentioned points in my code:
PHP Code:
$array = $this->session->all_userdata();
echo '<pre>';
print_r($array);
echo '</pre>';
die();
At the end of login the session user data is as it should be:
Code:
userdata at user->login
Array
(
[session_id] => 0e9a5b9befc7be8cb299f185fcaad4af
[ip_address] => <an IP address>
[user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
[last_activity] => 1431699339
[user_data] =>
[id] => 1
[first_name] => <a first name>
[last_name] => <a last name>
[email] => <an e-mail address>
[edit] => 1
[logged_in] => 1
)
However that is not the session data returned at display->index:
Code:
Array
(
[session_id] => 2e5705108e2082f168cdb6536fbdec17
[ip_address] => <an IP address equal to the one above>
[user_agent] => Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
[last_activity] => 1431699167
[user_data] =>
)
I have reviewed the documentation for sessions and can tell that the sessions library is set to load through the autoloader. The sessions section of config.php is untouched with one exception:
Code:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_expiration'] was set to 0 for purposes of debugging.
An encryption key is set even though I am not opting to encrypt the cookie. The mcrypt extension is installed and functioning on the server.
I am really baffled by this and hope someone can provide what to do.
