Codeigniter duplicate session issue
#1

I have an application built with CodeIgniter using the Session class and storing session data in a database. But when I log in to the system with different users, on different computers and browsers, I wonder why all users have the same session data as the first login into the system.


SESSION CONFIGURATION

$config['sess_driver'] = 'database';

$config['sess_cookie_name'] = 'ci_session';

$config['sess_expiration'] = 600;

$config['sess_save_path'] = 'ci_sessions';

$config['sess_match_ip'] = FALSE;

$config['sess_time_to_update'] = 30;
$config['sess_regenerate_destroy'] = TRUE;

I attached a database file.
Please, I need help.

Reply
#2

There is something wrong with your login code. You would need to post
some of your code here, so that we can see what you're doing wrong.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#3

(10-18-2017, 04:11 AM)InsiteFX Wrote: There is something wrong with your login code. You would need to post
some of your code here, so that we can see what you're doing wrong.

LOGIN MODEL

Code:
public function login($email, $pass, $remember = FALSE) {

       // Remove cookies first
       $cookie = array(
           'name' => 'user',
           'value' => '',
           'expire' => time() - 3600,
           'path' => '/',
       );

       $this->CI->input->set_cookie($cookie);


       /*
        *
        * User Verification
        *
        * Removed or !ctype_alnum($pass) from the IF statement
        * It was causing issues with special characters in passwords
        * and returning FALSE even if the password matches.
        */
       if (!valid_email($email) OR strlen($pass) < 5 OR strlen($pass) > $this->config_vars['max']) {
           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }


       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);
       $row = $query->row();

       // only email found and login attempts exceeded
       if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && !$this->update_login_attempts($row->email)) {

           $this->error($this->CI->lang->line('aauth_error_login_attempts_exceeded'));
           return FALSE;
       }

       //recaptcha login_attempts check
       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);
       $row = $query->row();
       if ($query->num_rows() > 0 && $this->config_vars['ddos_protection'] && $this->config_vars['recaptcha_active'] && $row->login_attempts >= $this->config_vars['recaptcha_login_attempts']) {
           $reCAPTCHA_cookie = array(
               'name' => 'reCAPTCHA',
               'value' => 'true',
               'expire' => time() + 7200,
               'path' => '/',
           );
           $this->CI->input->set_cookie($reCAPTCHA_cookie);
       }

       // if user is not verified
       $query = null;
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->where('banned', 1);
       $query = $this->CI->db->where('verification_code !=', '');
       $query = $this->CI->db->get($this->config_vars['users']);

       if ($query->num_rows() > 0) {
           $this->error($this->CI->lang->line('aauth_error_account_not_verified'));
           return FALSE;
       }

       // to find user id, create sessions and cookies
       $query = $this->CI->db->where('email', $email);
       $query = $this->CI->db->get($this->config_vars['users']);

       if ($query->num_rows() == 0) {
           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }

       $user_id = $query->row()->id;

       $query = null;
       $query = $this->CI->db->where('email', $email);

       // Database stores the hashed password
       $passwd = $this->hash_password($pass, $user_id);
       $query = $this->CI->db->where('pass', $passwd);
       //$query = $this->CI->db->where('pass', $this->hash_password($pass, $user_id));
       $query = $this->CI->db->where('banned', 0);

       $query = $this->CI->db->get($this->config_vars['users']);

       $row = $query->row();
       if ($this->CI->input->cookie('reCAPTCHA', TRUE) == 'true') {
           $reCaptcha = new ReCaptcha($this->config_vars['recaptcha_secret']);
           $resp = $reCaptcha->verifyResponse($this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response"));

           if (!$resp->success) {
               $this->error($this->CI->lang->line('aauth_error_recaptcha_not_correct'));
               return FALSE;
           }
       }

       // if email and pass matches and not banned
       if ($query->num_rows() > 0) {

           // If email and pass matches
           // create session
           //get user_group
           $group = $this->get_user_groups($row->id);
           $mygroup = $group[0]->group_name;
           $data = array(
               'user_id' => $row->id,
               'firstname' => $row->firstname,
               'lastname' => $row->lastname,
               'phone' => $row->phone,
               'email' => $row->email,
               'centre_id' => $row->centre_id,
               'zone_id' => $row->zone_id,
               'mygroup' => $mygroup,
               'loggedin' => TRUE
           );

           $this->CI->session->set_userdata($data);

           // if remember selected
           if ($remember) {
               $expire = $this->config_vars['remember'];
               $today = date("Y-m-d");
               $remember_date = date("Y-m-d", strtotime($today . $expire));
               $random_string = random_string('alnum', 16);
               $this->update_remember($row->id, $random_string, $remember_date);

               $cookie = array(
                   'name' => 'user',
                   'value' => $row->id . "-" . $random_string,
                   'expire' => time() + 99 * 999 * 999,
                   'path' => '/',
               );

               $this->CI->input->set_cookie($cookie);
           }

           $reCAPTCHA_cookie = array(
               'name' => 'reCAPTCHA',
               'value' => 'false',
               'expire' => time() - 3600,
               'path' => '/',
           );
           $this->CI->input->set_cookie($reCAPTCHA_cookie);

           // update last login
           $this->update_last_login($row->id);
           $this->update_activity();
           $this->reset_login_attempts($row->id);

           return TRUE;
       }
       // if not matches
       else {

           $this->error($this->CI->lang->line('aauth_error_login_failed'));
           return FALSE;
       }
   }

LOGIN CONTROLLER
Code:
   function authentication() {
       $email = $this->input->post('email');
       $password = $this->input->post('password');
       $login = $this->aauth->login($email, $password);
       if ($login):

           redirect('dashboard/');
       else:
           $data['msg'] = $this->aauth->get_errors_array();
           $this->load->view('auth/login', $data);
       endif;
   }
Reply
#4

For one I would refactor your code and move a lot of it to a library.

You did not show your logout method, so this would be the way to do it.

PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array(
    'username',
    'firstname',
    'lastname',
    'phone',
    'email',
    'centre_id',
    'zone_id',
    'mygroup',
    'loggedin'
);

$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();

Try that in your logout method and see if it will work.
Reply
#5

(10-19-2017, 03:18 AM)InsiteFX Wrote: For one I would refactor your code and move a lot of it to a library.

You did not show your logout method, so this would be the way to do it.

PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array(
    'username',
    'firstname',
    'lastname',
    'phone',
    'email',
    'centre_id',
    'zone_id',
    'mygroup',
    'loggedin'
);

$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();

Try that in your logout method and see if it will work.

OK, let me try it.
Reply
#6

(10-19-2017, 03:18 AM)InsiteFX Wrote: For one I would refactor your code and move a lot of it to a library.

You did not show your logout method, so this would be the way to do it.

PHP Code:
// unset one session item
$this->session->unset_userdata('some_name');

// unset multiple session items
$array_items = array(
    'username',
    'firstname',
    'lastname',
    'phone',
    'email',
    'centre_id',
    'zone_id',
    'mygroup',
    'loggedin'
);

$this->session->unset_userdata($array_items);

// destroy the session should be the last called.
$this->session->sess_destroy();

Try that in your logout method and see if it will work.
Still the same problems
Reply
#7

I can not message you back because you have Private Messages turned on in your profile.
Reply



