• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[split] ajax killing sessions?

#1
Sorry if this is off topic, but I am having issues with Ajax requests killing sessions.  I have read that its intention to stop session hijacking or something similar, but its ruining my user experience.  I have moved to using ajax queue systems but I still get the odd complaint.  I am guessing this is when there are queued requests and the person moves to another page.  Is there a way to disable that in CI 3.x?
Reply

#2
You can try this:

PHP Code:
/**
 * ------------------------------------------------------------------------
 * CI Session Class Extension for AJAX calls.
 * ------------------------------------------------------------------------
 *
 * ====- Save as application/libraries/MY_Session.php -====
 */

class MY_Session extends CI_Session {
    
    
/**
     * sess_update ()
     * --------------------------------------------------------------------
     *
     * Do not update an existing session on ajax or xajax calls
     *
     * @access    public
     * @return    void
     */
 
   public function sess_update()
    {
        
$ci get_instance();

        if ( ! 
$ci->input->is_ajax_request())
        {
            
parent::sess_update();
        }
 
   }

}    
// End of MY_Session Class.

/* ------------------------------------------------------------------------
 * Filename: MY_Session.php
 * Location: ./application/libraries/MY_Session.php
 * ------------------------------------------------------------------------
 */ 
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#3
Thanks for the response.  I have included it like this 

$autoload['libraries'] = array('database','session','my_session');

Now I get this error:

Severity: Warning
Message: ini_set(): A session is active. You cannot change the session module's ini settings at this time
Filename: Session/Session.php
Line Number: 313



Any help would be awesome, thanks in advance.
Reply

#4
To use the code the other user posted put the MY_Session.php file here: /application/libraries/Session/MY_Session.php and remove 'my_session' from autoload. It's an overload not a new library. That code stops AJAX requests from updating the session so if you are building a single page app all of your requests will start failing after your session expiration time has elapsed.

The core part of our app is a single page app and we have no such issues. You shouldn't need to overload the session library in that manner. Are users idling on a single page app then being logged out due to inactivity? Run a ping on a timer to keep the session alive.
Reply

#5
Thanks for your answer!  I have made the changes you suggested.  My only question now is, do I just load it in the auto like this:

$autoload['libraries'] = array('database','session');
I have done that and see no errors, I am just double checking? 
My app is not a one pager, its several pages, but there can be multiple requests sent at the same time as much as we have tried to ensure a queue some ajax requests are still causing the session to die.
Reply

#6
Yes, with that file in the location I specified you autoload 'session', CI see's MY_Session then uses that which extends the base session library and overloads the method defined in the new file. AJAX calls should not break your session unless one of them is closing it. Whats the error you're getting?

For reference our app uses both a queue for long running requests and 3+ subdomains to bypass the 2-per-domain concurrent AJAX request limit. It is normal for 5-10 concurrent requests to be running at any given time and we do not have any issues related to sessions closing.

We're moving to websockets for sanity sake but there's no reason concurrent AJAX requests should kill your session unless there's an unrelated bug somewhere. It's more likely you have a concurrency issue with database actions (deadlocks, timeouts from locks, etc).

What session driver are you using?
Reply

#7
Thanks for your response.  I am using the database driver and I am using MySQL -> MySQLi  

I think you might be right about ajax.  Here are my settings.  I am thinking about trying memecache or redis (I am running on AWS) so those options are pretty easy to get.  Any thoughts?

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] ='ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = false;
$config['sess_expire_on_close'] = FALSE;

Thanks in advance!
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.