Prevent multiple user active session - codeigniter

I want to logout the user if the same user logs in to another computer.
In my CI3 I have the following config.
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_sessions';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
That would store user session to my database ci_session.
However, I want to prevent user to have multiple active session. Let say if user logs in to another computer his existing session should destroy.
Q1. How do I check if user is logged in? In my ci_session database, I can only see the blob type in user data column.
Q2. How to destroy his other active session if he logs to another computer?

Related

codeigniter sess_driver and path

I am trying to upload my codeigniter 3 site to godaddy, but I keep getting errors messages such as Session: Configured save path 'C:\Windows\Temp' is not writable by the PHP process..
I have followed this question and the codeigniter database driver here but so far nothing.
I created a ci_sessions table in my database, set the driver to database and the path to ci_sessions but I then get a fatal error. I tried setting the driver to files and the path to a ci_sessions folder I created but it can't find it but I'm not sure I created it correctly, I used $config['sess_save_path'] = '{{site_path}}/application/ci_sessions';
Does anyone have any idea what I'm doing wrong? Thanks in advance.
UPDATE
Ok, so I started with a fresh version of codeigniter 3 and set the driver to database and path to ci_sessions and it works, but when I use if(!empty($this->session->userdata("user_id")) it causes the fatal error, any ideas?
On your session save path looks like you are trying to save it to folder
create the a folder in application called ci_sessions make it 0700
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = APPPATH . 'ci_sessions/';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
If you need to put it into database
$config['sess_driver'] = 'database'; // Change files to database
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions'; // This will be your database table for sessions
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
For MYSQL Database
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(40) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
KEY `ci_sessions_timestamp` (`timestamp`)
);

Ion Auth (Codeigniter) - How to use different database

Is it possible to use different database for authenticating user through Ion Auth?
I would like to create a database dedicated only for user authentication. So, it should be separated from transactional database.
How to do that?
Thank you.
In short...yes it is possible for you to use a different database for your authentication. You would need to create a second database configuration in your application/config/database.php file (similar to the below) in addition to your default config.
$db['default']['hostname'] = "localhost";
$db['default']['username'] = "root";
$db['default']['password'] = "";
$db['default']['database'] = "db_name";
$db['default']['dbdriver'] = "mysql";
$db['authentication']['hostname'] = "localhost";
$db['authentication']['username'] = "root";
$db['authentication']['password'] = "";
$db['authentication']['database'] = "auth_db_name";
$db['authentication']['dbdriver'] = "mysql";
For further reference see - http://ellislab.com/codeigniter/user-guide/database/configuration.html
You would then have to modify your ion_auth model to use this second db configuration, which you would set when loading the database.
$auth_db = $this->load->database('authentication', TRUE);
Then change all database queries in the model replacing $this->db with $auth_db.
So, $this->db->select('password, salt') would become $auth_db->select('password, salt').
For further reference see - http://ellislab.com/codeigniter/user-guide/database/connecting.html
Hope that helps!
The simplest way would be to expand on what MY_Mark said.
Create the new DB config
$db['authentication']['hostname'] = "localhost";
$db['authentication']['username'] = "root";
$db['authentication']['password'] = "";
$db['authentication']['database'] = "auth_db_name";
$db['authentication']['dbdriver'] = "mysql";
Then in the constructor of the ion_auth_model.php do this:
$this->db = $this->load->database('authentication', TRUE);
And it should just work after that.

CodeIgniter Cart and Session lost when refresh page

I'm using CodeIgniter v2.1.3 and having a problem with using CI Cart and Session. When I insert an element into Cart, everything gone fine. But when I refresh the page, all saved Cart items disappeared. The same problem happened when I use Session Class.
But everything works well on my localhost. The problem just happends on my Server.
There are some websites on my Server now and they dont have any problem with Session. So I guess it must be caused by CI.
Here is Session configuarations in application/config/config.php :
$config['sess_cookie_name'] = 'blowup_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions1';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
I tried to print the session_id but it returned nothing. So I guess the Session class did not generate any session_id. Try to start the session manually by using session_start(), the session_id was generated.
I also tried to save something by using $_SESSION, and they are saved without any problem.
Does it mean that the CI_Session and Cart library were not auto loaded?
How could I fix it? Or is there any Session class could replace the current one?
PS: My Server is running CentOS 5, PHP v 5.2.17 , Apache 2.2.23 and MySQL 5.0.96
UPDATED
Below is the function I use in Controller to add an item into Cart. The data ($params) is posted via an AJAX request (using jquery AJAX). The returned data is a HTML view.
public function add_to_cart(){
$this->layout->set_template('ajax');
if ($this->is_post()){
$params = $this->get_all_post_data();
//Debug::dump($this->cart);die;
if (isset($params['id']) && (int)$params['id']>0){
$product = $this->_product_model->get_record_by_id((int)$params['id']);
if (!is_null($product)){
if (count($this->cart->contents())>0){
foreach ($this->cart->contents() as $item){
if ($item['id']==$product->id){
$data = array('rowid'=>$item['rowid'],'qty'=>++$item['qty']);
$this->cart->update($data);
}else{
$data = array('id'=>$product->id,'qty'=>1,'price'=>$product->price,'name'=>$product->id,'options'=>array('image'=>$product->thumb,'product_name'=>$product->title));
$this->cart->insert($data);
}
}
}else{
$data = array('id'=>$product->id,'qty'=>1,'price'=>$product->price,'name'=>$product->id,'options'=>array('image'=>$product->thumb,'product_name'=>$product->title));
$this->cart->insert($data);
}
$this->session->set_userdata(array('test'=>'Session test'));
$this->layout->load('cart/topmenu_cart', $this->data);
}
}
}
}
Have you tried to use database to store session data instead? Based on your settings, I guess because your data is to large to hold in a 4KB cookie.

Session data lost so fast and rapidly in codeigniter

I have build a web application using codeignitet. It's about 200 users in my application. When user login, it success, but the session data just keep about one minutes and then kills automatically.
I use ci_sessions to store custom session data.
This is my session configuration :
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 900;
In my application, if session kill it redirect to login page. It always redirect and redirect to login page, i think it cause the session data lost rapidly. Need Helps and Thanks.
Your session's configuration looks Okay and you're also storing it in a database which is a good practice too.
It seems like is some place in your code you're destroying the session or part of it.
We have to see some code if you're unable to trace it yourself.
Good Luck!

Codeigniter is messing with sessions

I have written a simple authentication process on Codeigniter but there is a problem.
For some reason, while a user is exploring the site, the session is confused and impersonates another random user.
I just simply do:
$this->session->set_userdata('logged_in', TRUE);
$this->session->set_userdata('id', $account->id);
and I get logged user's id via
$logged_id = $this->session->userdata('id');
I store sessions on DB, on ci_sessions table
and the config file contains the default:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
What could be messing the sessions and getting different ids from them?
Late answer, but it might be useful to someone. I had this problem once, it was because the column for the User-Agent was too small (then, the string was truncated and CodeIgniter was recreating session id, thinking that the client was different). Make sure to use the schema table mentioned on CI.
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(45) DEFAULT '0' NOT NULL,
user_agent varchar(120) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id),
KEY `last_activity_idx` (`last_activity`)
);
It sounds really strange. Your code and your configuration seems to be ok.
Please check if you correctly destroy/init session when user log in:
$this->CI->session->sess_destroy();
$this->CI->session->sess_create();
Then give a look to your MySQL ci_sessions table and try to debug your problem showing 'session_id' of current user.. It's correct?
If you don't resolve, please post more code you are using.

Resources