• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Issue Maintaining Logged in State

#1
We are encountering a strange situation where accessing pages in one specific area of the site causes the user to get logged out. I have reviewed the code for those pages and they do not touch cookies except to check logged in status. That is necessary as logged in users see a different result from others. Clearing the cache in Chrome does not help but I think it ignores the do not cache headers. The following is sent with every page:

"header('Cache-Control: no-cache, no-store, must-revalidate');header('Pragma: no-cache');header('Expires: 0')"

 What is more strange is this only happens with Chrome. It does not occur with Firefox or Edge. 

 If anyone has encountered this did you find a magic meta tag which resolved it?
Reply

#2
Without seeing your session code it is hard to try and fix your problem.

This is how you can do it for all web browsers.

PHP Code:
header("Content-Type: application/json");
header("Expires: 0");
header("Last-Modified: " gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0"false);
header("Pragma: no-cache"); 

If the 0 in the header expires isn't working on expires due to old browsers not understanding it, 
you can try putting the date to a time in the past.

PHP Code:
header("Content-Type: application/json");
header("Expires: on, 01 Jan 1970 00:00:00 GMT");
header("Last-Modified: " gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0"false);
header("Pragma: no-cache"); 
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#3
I will try these ideas. The problem with Chrome is recent. Possibly since its last update. In further testing with other browsers, the problem cannot be replicated in Firefox, MS Edge or Opera.

I know the site is using a cookie, but all I check is $_SESSION data. In Chrome, that is getting unset, but only in one specific section of the website. As a result, I spent several hours reviewing the code to make sure there was nothing unintentionally destroying the session. As the user navigates, the site confirms that sessions are running and checks the user's status. That only happens once. The only location which destroys sessions is the log off script.

I use a common header file for all pages. That is where the browser is told to not cache. If I do not do that browsers show pages which reflect the wrong logged in status, but which otherwise function correctly.

I have been using the current system for almost a decade. This is the first time there have been problems. Because of its age I wanted to investigate a new system which holds the promise of being cookie free.
Reply

#4
You can read this may solve your problem.

Session data lost in Chrome only
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#5
It pointed me in the right direction. The solution was changing the following in the php.ini file

FROM
session.cookie_samesite="Strict"

TO
session.cookie_samesite="Lax"

I was aiming for greater security. Chrome hated it I guess.
Reply

#6
Glad you got it working CodeIgniter 4 uses it also but it's set to Lax.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#7
Interesting. As soon as I am through my next round of projects I am going to start migrating to CI4.

At the moment, completing the migration to bootstrap.css. This was fairly rapid with normal pages and forms, but more challenging with some content as it is created outside Codeigniter. There is still a little 25 year old perl in use. Yikes!

Once complete, I am hoping for performance gains both from CI4 and PHP 8, when it is available in my site ecosystem.
Reply

#8
When you make the move to ci 4 checkout the new views, view cells and layouts.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.