Login

eflyerman · 05-13-2017, 05:17 PM

I have added javascript to a CI app to prompt the user 5 min before the session expires. I'd like to allow the user to respond and reset the session timeout without refreshing the page.

As an experiment, I've tried an ajax call to regen the session id (its not prod so don't criticize me for bad code, just testing for now). The session still times out at the original time.

Whats the right way to reset the session without a round trip to the server?

Code:
My config section

$config['sess_driver'] = 'database';

$config['sess_cookie_name'] = 'redimd_v3';

$config['sess_expiration'] = 305;

$config['sess_save_path'] = 'sessions';

$config['sess_match_ip'] = true;

$config['sess_time_to_update'] = 200;

$config['sess_regenerate_destroy'] = FALSE

Controller

PHP Code:
function ajax_refresh_session(){
        //check authorized
        $this->session->grant_access('user|admin|clinic_admin|doctor');
                
                //load json helper
        $this->load->helper('json');
        
        //Call the sess_update method to actually regenerate the session ID
        if( $this->session->is_logged_in() )
            $this->session->sess_regenerate(false);

        json_response("Session refreshed");
    } 

Javascript

Code:
       $.ajax({

            url: "/user/ajax_refresh_session",

            type: "POST",

            error: function() {

                if(confirm("Session refresh failed.  Your session will timeout if you do not refresh the page or navigate to another location. Click OK to refresh this page or cancel to return to this page."))

                    location.reload(true);

            },

            success: function(jsondata, status, xhr){

                initTimers();

            }

        });

**InsiteFX** · 05-14-2017, 02:57 AM

Why not just log them out and then back in with a new session?

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )

eflyerman · 05-14-2017, 12:12 PM

The main point of my post was to extend the session and avoid a post back to the server (round trip). Logging them out won't accomplish that. A post to the server would lose un-submitted data and break any video/chat session connections.

In the current iteration, the session regenerates from the ajax call and the user can navigate normally using the new sessionid. If the user clicks continue and remains on the page beyond the original session timeout the session still expires. If the user tries to submit or navigate, the session->is_logged_in() returns false and my code redirects to the unsecured area.

I have set the session timeout 305 for testing so my dialog pops up after 5 seconds on the page loads. The user has three choices from the dialog; ignore, logout and continue. Ignore simply closes the dialog and lets the session time-out as normal. Logout is self explanatory and continue currently does an ajax post.

I my first thought was to simply do a location.reload(true); to force the page to reload which works for most of the pages. It breaks the video chat session and loses data and resets table sorts and filters on the rest of the pages.

I believe the problem is the cookie expiration. I thought of rewriting the cookie with an expiration extension to match the sessiontimeout . I have the cookie_httponly configuration setting set to false in the config file but CI is still sending the cookie with the HttpOnly flag set so the cookie isn't available to javascript to rewrite.

**InsiteFX** · 05-14-2017, 01:12 PM

You might be able to extend the sessions library and add the things that you need to happen.

I know there is a jQuery Cookie plugin for jQuery.

What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009. ( Skype: insitfx )