• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Lost session

Hey all, I'm experiencing the same issues, although I'm not working with any customized code that sets session data. Just enabling the default session functionality like so:

$config['sess_cookie_name']        = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']         = 300;

The odd thing is, if I rapidly hit "Refresh" 10 times, and then go to the DB, there will be 10 unique rows in ci_sessions, each from my IP address. This caught my attention when I noticed there were 153 unique entries in ci_session (all from myself)!

I'm also seeing: "The session cookie data did not contain a valid array. This could be a possible hacking attempt." in my logs.

It's as if CI for some reason completely forgets to check if a session has already been established and just adds it as if it were new.

Not a huge show stopper yet, but kind of annoying. Any thoughts on how to go about fixing this?

Screenshot of the madness: http://drop.io/tschultz55/asset/ci-session-error

Thanks for the help!

Some more digging around with Wireshark to see what's going on at the packet level:

GET /index.php/feed/details HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: ci_session=KNZJYA3l8XU1QTH2LkS321teENRPxsSHpHoyQO8NpPkNl....................
Cache-Control: max-age=0

HTTP/1.1 200 OK
Date: Thu, 31 Jul 2008 01:57:23 GMT
Server: Apache/2.2.8 (Win32) PHP/5.2.5
X-Powered-By: PHP/5.2.5
Set-Cookie: ci_session=deleted; expires=Wed, 01-Aug-2007 01:57:22 GMT; path=/
Set-Cookie: ci_session=8c18a72b4e01ce7f2852a3f19761c2b6; expires=Thu, 31-Jul-2008 03:57:23 GMT; path=/

Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

Looks like the ci_session is being nuked upon each response......

[quote author="Derek Allard" date="1213903943"]can you share the code you are using to generate the cookie in question? I'd like to see if I can reproduce. Which version of PHP?[/quote]

have similar issue @ http://ellislab.com/forums/viewthread/89070/

this topic is kinda old, but its my only google hit. I guest this issue is still bothering some people, so I've decided to write my story:

- // CI Version
define('CI_VERSION',    '1.7.0');

- from my config.php file:

$config['sess_cookie_name']    = 'some_name';
$config['sess_expiration']    = 28800;//8h
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']    = 'ci_sessions';
$config['sess_match_ip']    = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 300;

$config['cookie_domain']    = ".domain.com";
$config['cookie_prefix']    = "";
$config['cookie_path']    = "/";

- from time to time (its session time and current url/action independent) session is being lost
- my LOG is on
$config['log_threshold'] = 1;
- and I can see lots of this:
Quote:unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset 176 of 176 bytes /xxx/xxx/xxx/system/libraries/Session.php 708
- after searching php.net I've found this comment:
Quote:for those who has error like "
error at offset .."

but doesn't know why.

This function might be usefull

$sObject3 = 'a:2:{i:0;s:1:"1";i:1;s:3654:"1a1dc91c907325c69271ddf0c944bc72";}';

print_r( __unserialize($sObject3  ));

function __unserialize($sObject) {
    $__ret =preg_replace('!s:(\d+):"(.*?)";!e', "'s:'.strlen('$2').':\"$2\";'", $sObject );
    return unserialize($__ret);
- so currently my guess is that session problems came from keeping some unsupported (by unserialize) data in user session
- I store lots of various information in my session data, but due to above discovery I've decided to keep it as small as possible - only user id
- so far I can say: looks like problem is mostly gone, but not in 100% Sad

Hope this will help.

ps. after searching bug reports I've found this:
Looks like this is another possible reason for session losing issue.

I have the same problem as well.
Lots of
Severity: Notice  --&gt; unserialize() [<a href='function.unserialize'>function.unserialize</a>]: Error at offset ...
in the log files.

I have tried to serialize/unserialize the same data without problems.

What I'm trying to do is to store a pasted (word/pdf) document as session data.

Please have a try

Check the encoding of your ci_sessions database table field

change it to utf8_general_ci

Prehaps i can trow some light on this topic. I have encountered a similar problem with sessions. To explain is more : In the config file

$config['sess_use_database']    = TURE;

Now try to use IE 7.0 ( or any other version )

try to set some session value... example :


Browser through pages in your website and you will notice that the values of Logged_in and UID are not set. Also Notice in your database ( since you are using database for session tracking ) you will notice multiple entries of session id with the same IP address and ofcoz some will have session variables, while others don't.

this is happening in IE only so far. On the other hand - tracking the session via Cookies does not have this problem.

Also it is possible that my ISP does not assign static IP's to users logged in to the Internet, my IP address changes randomly and the value of HTTP_X_FORWARDED also does not remain constant... could that be causing this problem. ??

The code is :
$config['sess_use_database'] = TRUE;
$config['sess_use_database'] = TURE;

And then, you try to check the clock on your computer and the clock on your server. In my opinion, your cookie is expired


That TRUE was a typo !!

anyway... i'm currently developing on a local machine. I'm using Aapche and PHP. The clock it fine and if i use the database to track the session, then i dont thing there shud be a cookie to worry about.

You use the database to track the session, it means you use both database and cookie. You need to care about cookie
Here is the code to set session:

$userdata = array(
'username' => 'This is my user name',
'logged_in' => TRUE

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  

  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.