Login

TemiU · 12-19-2018, 04:04 AM

Hello.

We are in the process of updating our website from CodeIgniter 2 (.1.1) to CodeIgniter 3 (.1.9).

We use the set_flashdata() method to set a message to be displayed on redirect in numerous places in our code. When the redirect occurs, the message disappears. This was working fine in our original CodeIgniter 2 application.

It should be noted that this only occurs when there is a redirect (i.e., index.php file to run from the beginning). If we reload the view without redirecting, the flashdata shows up correctly.

I tried using keep_flashdata(), but it did not work.

I was wondering if perhaps this has to do with the way the new Session class works.

Any help would be greatly appreciated!

dave friend · 12-19-2018, 09:06 AM

There were significant changes in the session library starting with version 3.

Be certain that all the items in this upgrade step have been completed.

If you're using the database driver be sure this change has been implemented.

neuron · 12-19-2018, 11:23 PM

I started using CI two years ago, also it is the time I started for web development.
At the time in CI v3 flashdata occured only on redirection, I don't know if it still do so.
Then I found Postal library which can be used as a replacement for flashdata.
It shows message no matter if page is redirected or reloaded.
Also you can configure message for each message type (success, errorr ...)
I am still using it, I don't use flashdata at all anymore.

TemiU · 12-24-2018, 04:00 AM

(12-19-2018, 09:06 AM)dave friend Wrote: There were significant changes in the session library starting with version 3.

Be certain that all the items in this upgrade step have been completed.

If you're using the database driver be sure this change has been implemented.

Dave,

Sorry for the delayed response - I got bogged down by other projects. I re-checked everything to the best of my ability, and I believe that all of the changes were implemented correctly.

Is it possible, per neuron's response below, that the changes were implemented correctly, but that flashdata is still not working on redirect?

The postal library works very well (thanks, neuron!), but it would mean implementing extensive changes to my code, which I am loathe to do.

dave friend · 12-24-2018, 09:09 AM

(12-24-2018, 04:00 AM)TemiU Wrote: Dave,

Sorry for the delayed response - I got bogged down by other projects. I re-checked everything to the best of my ability, and I believe that all of the changes were implemented correctly.

Is it possible, per neuron's response below, that the changes were implemented correctly, but that flashdata is still not working on redirect?

The postal library works very well (thanks, neuron!), but it would mean implementing extensive changes to my code, which I am loathe to do.

The session configuration changes have proved a trouble spot for many upgrades. Share the session and cookie config settings being used and we'll see if everything looks as it should.

TemiU · 01-24-2019, 02:07 AM

(12-24-2018, 09:09 AM)dave friend Wrote:
(12-24-2018, 04:00 AM)TemiU Wrote: Dave,

Sorry for the delayed response - I got bogged down by other projects. I re-checked everything to the best of my ability, and I believe that all of the changes were implemented correctly.

Is it possible, per neuron's response below, that the changes were implemented correctly, but that flashdata is still not working on redirect?

The postal library works very well (thanks, neuron!), but it would mean implementing extensive changes to my code, which I am loathe to do.

The session configuration changes have proved a trouble spot for many upgrades. Share the session and cookie config settings being used and we'll see if everything looks as it should.

Dave,

Sorry for the sporadic responses.

Here you go:
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'PPS';
$config['sess_expiration'] = 3600;
$config['sess_save_path'] = 'sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = 'PPS';
$config['cookie_domain'] = '';
$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
$config['cookie_httponly'] = FALSE;

We also have a custom library that overrides the Session library (in the application/libraries/session folder). I needed to put in a custom _configure(). Our code (developed by a different developer) sometimes utilizes a second "session" for the admin backend, if it is in use. If it is the admin session cookie is being passed, then the regular _configure() worked fine. However, the ini_set of the CI 3 _configure() kept on causing a warning message, so I commented it out in the custom _configure(). (The warning message was: Message: ini_set(): A session is active. You cannot change the session module's ini settings at this time). That was the only change to _configure().

Thank you very much for your help!

Code:
protected function _configure(&$params)

    {

        //if this is the admin_session, do something else

        if(!isset($params['cookie_name']) OR !$params['cookie_name']=='PPSadmin_session_config'){

            parent::_configure($params);

        }else{

            $expiration = config_item('sess_expiration');

            if (isset($params['cookie_lifetime']))

            {

                $params['cookie_lifetime'] = (int) $params['cookie_lifetime'];

            }

            else

            {

                $params['cookie_lifetime'] = ( ! isset($expiration) && config_item('sess_expire_on_close'))

                    ? 0 : (int) $expiration;

            }

            isset($params['cookie_name']) OR $params['cookie_name'] = config_item('sess_cookie_name');

            if (empty($params['cookie_name']))

            {

                $params['cookie_name'] = ini_get('session.name');

            }

            else

            {

                ini_set('session.name', $params['cookie_name']);

            }

            isset($params['cookie_path']) OR $params['cookie_path'] = config_item('cookie_path');

            isset($params['cookie_domain']) OR $params['cookie_domain'] = config_item('cookie_domain');

            isset($params['cookie_secure']) OR $params['cookie_secure'] = (bool) config_item('cookie_secure');

            session_set_cookie_params(

                $params['cookie_lifetime'],

                $params['cookie_path'],

                $params['cookie_domain'],

                $params['cookie_secure'],

                TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons

            );

            if (empty($expiration))

            {

                $params['expiration'] = (int) ini_get('session.gc_maxlifetime');

            }

            else

            {

                $params['expiration'] = (int) $expiration;

                ini_set('session.gc_maxlifetime', $expiration);

            }

            $params['match_ip'] = (bool) (isset($params['match_ip']) ? $params['match_ip'] : config_item('sess_match_ip'));

            isset($params['save_path']) OR $params['save_path'] = config_item('sess_save_path');

            $this->_config = $params;

            // Security is king

            //TU for CI 3 10/18/18 - don't do the first ini_set - was resulting in an error.

            //ini_set('session.use_trans_sid', 0);

            ini_set('session.use_strict_mode', 1);

            ini_set('session.use_cookies', 1);

            ini_set('session.use_only_cookies', 1);

            $this->_configure_sid_length();

        }

    }