I am using Codeigniter and this is my application/config/config.php
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_save_path'] = 'application/session';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '.example.com';
$config['cookie_path'] = '/';
$config['cookie_secure'] = TRUE;
$config['cookie_httponly'] = TRUE;
Site is automatically redirect to https using .htaccess.
When site working on http only with sess_match_ip, cookie_secure and cookie_httponly with FALSE then it is working fine. but when working on https it logout automatically/randomly.
What is the proper configuration for https?
Since your site is running on load-balanced servers, the issue is not the cookie_secure atribute but the files driver.
When using the files driver, the session information is stored locally on the server that responds to your request. Depending on your load-balancing configuration, the user may change servers between requests. If that happens, when changing servers, the new server will not have the user's session information and thus he'll be logged out.
You have basically two choices here:
1.- Tweak your load-balancing configuration to enable sticky sessions of some sort. This will prevent, in most but not all cases, that the user jumps between servers. It's by far the easiest solution, but it has some drawbacks. If a server goes down and the load-balancer HAS TO move the user to another server, he'll be logged out, so one of the benefits of load-balancing will not be such in your case.
2.- Change your session storage to another driver (such as database) that's independent of the server who is responding to the user. Contrary to the files driver (in which each application server stores its own local session info), a database, redis or other session driver would use a single centralized storage for session data. So, regardless of the user jumping from server to server on each request, he'd remain logged in seamlessly.
My suggestion would be to go with the second choice, try using a database (the CI documentation is very self-explanatory on this matter) and you'll be fine :)
My website project is running well in firefox and google chrome but has url problem in IE(IE10). When i do login from IE though username and password is correct, the url remains in login and not to dashboard as expected.Below in controller code for redirect url.
$user_name = $this->input->post('user_name');
$password = $this->input->post('pass_word');
$user_id = $this->login_model->check_login($user_name, md5($password));
if ($user_id != 0){
//set session and redirect to dashboard
$this->session->set_userdata('admin_id', $user_id);
$next_url = $this->session->userdata('next_url');
$this->session->unset_userdata('next_url');
//redirect($next_url);
redirect('administrator/dashboard' , 'location');
}else{
$data['login'] = 'Invalid Username/Password!';
$data['class'] = 'error';
$this->session->set_flashdata($data);
redirect('administrator/login');
}
Am i doing anything wrong. How am i to solve this? Any help or suggestions is welcome. Thanks in advance.
Found the solution to the problem.Server time wasn't same as client time. (server time:11:30am, client time:5:30pm)
"Make sure your server’s time is correct. All browsers set cookies based on the client’s time. IE on the other hand, goes by server time. If the server’s time is in the past, cookies will expire as soon as they are set thus giving the illusion that your cookie never arrived."
check the link: http://ellislab.com/forums/viewthread/135722/
Try to replace location with refresh
redirect('administrator/dashboard' , 'refresh');
Try changing
redirect('administrator/dashboard' , 'location');
to
redirect('administrator/dashboard' , 'refresh');
Just using location can sometimes cause problems
I have a website based on Codeigniter which works fine. I had to clone this site with database to an another host. I copied the database and all files. My problem is: the session doesn't work on the new site. (I recognized it at the login). The same code works on the old host, but everything is exactly the same.
Does somebody have any idea? Is it a codeigniter configuration issue?
Thanks
Check your application/config.php
especially these lines:
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
Also: please delete your cookie-history
(if you're using Firefox: CTRL-SHIFT-DELETE)
Alternatively you could use (shameless self-plug) codeigniter-native-session
I too had a bit to much problems with the built-in session engine.
It basically mimics the Codeigniter session class so just drop in these files into your application folder and code doesn't needs any modification. (and you'll be using PHP-native-sessions)
Hope it helps.
I just moved my current office Joomla 1.5.8 instalation from the server(linux) to my local machines (winxp) so I can work locally and only upload the changes.
The thing is after downloading all the files and installing a backup of the remote DB on my local machine I found myself unable to login to the administrator panel, I can see the frontpage but not login :/
So far, I have googled alot this problem, but most people seem to be experiencing this problem while upgrading from joomla 1.0
To make sure the problem was not on permissions for the files,I did a separate brand new joomla instalation on another folder and it worked just fine, I could access the website and I also could login to admin page, then I changed the config file to connect to the joomla I'm trying to move and now I find myself again unable to login :/
I think the problem is on the DB however I already tried searching for specific paths but no luck
Does anyone has another Idea?
thanks in advance :)
Try to change following variable in your local configuration file with you local values.
var $offline = '0';
var $log_path = 'Your local joomla path\logs';
var $tmp_path = 'Your local joomla path\tmp';
var $live_site = 'local url will be here';
var $dbtype = 'mysql';
var $host = 'local db host';
var $user = 'DB user for local';
var $db = 'Db name for local';
var $dbprefix = 'DB prefix whatever you have set, by default jos_';
var $password = 'your DB password for local';
You probably have LDAP or openid authentication enabled and thats what is causing this blank page while you try to login.
Just go to your database and go to your:
jos_plugins
And edit the plugins which are either openid or LDAP
set their published status from 1 to '0'
Case solved.
Does your site use any kind of extra authentication? Mine used the LDAP Authentication plugin. MY local machine couldn't connect to the LDAP server. After turning LDAP authentication off (only use Joomla authentication) it worked.
edit the jos_plugins table in mysql to set published from 1 to 0 for any extra authentication plugins you are using.
I have discussed this issue in details here: http://www.itoctopus.com/blank-page-on-joomla-login
In most cases we have seen, Joomla is trying to load a file that no longer exists.
I'm still new to code igniter and I'm having problems getting the login system to work.
The login always works when I use Firefox. The login consistently works on some IE7 browsers but consistently fails on other IE7 browsers.
When tracing the code, I see that the models/redux_auth_model.php does successfully authenticate the user, it writes user information into the $this->session->set_userdata() and it redirect them to a member's page of my choosing. Here's the code:
public function login($identity = false, $password = false)
{
$identity_column = $this->config->item('identity');
$users_table = $this->tables['users'];
if ($identity === false || $password === false || $this->identity_check($identity) == false)
{
return false;
}
$query = $this->db->select($identity_column.', email, password, group_id')
->where($identity_column, $identity)
->where('active', 'Active')
->limit(1)
->get($users_table);
$result = $query->row();
if ($query->num_rows() == 1)
{
//$password = $this->hash_password_db($identity, $password);
if (!empty($result->activation_code)) { return false; }
if ($result->password === $password)
{
$this->session->set_userdata($identity_column, $result->{$identity_column});
$this->session->set_userdata('email', $result->email);
$this->session->set_userdata('group', $result->group_id);
return true;
}
}
return false;
}
I did a variable dump of $this->session in both IE7 and FF and confirmed that all the userdata is intact before the redirect. The session had my email information, group information and $identity_column information.
However, after the redirect, the session data is empty on some IE7 browsers, which is why CI keeps booting me out of the system. It's fully intact on other IE7 browsers and always intact in Firefox.
Why would session data be browser dependent?
Any ideas on how to troubleshoot this further? I am baffled...
It is a frustrating problem with the Codeigniter database session class, in the end I resorted to using native sessions using the drop-in replacement found here: https://github.com/EllisLab/CodeIgniter/wiki/Native-session
I was having the same problem while using CI Session in IE. Then I use the below header in controller constructor and it works for me.
Here is the header:
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
I faced the same problem while using IE8 with browser mode. I've found the problem is in matching the user agent. In session database it saves useragent as IE7 but from cookie it gets IE8. I've set $config[sess_match_useragent] = FALSE and the problem is solved.
The session class works fine in several of my projects including IE6/7/8 support (including multiple releases of CI). There are a few things that might be causing this, outside of the code pasted above:
Calling $this->session->sess_create(); from a baseclass (or elsewhere in your class's code) would reset your session.
Try combining your set_userdata calls to one call by passing it an array.
Make sure your data does not have any unexpected characters in it (this can cause issues in certain browsers).
Make sure your session class settings in the config are not rolling over the cookie every request.
Alternatively, consider an alternate session class like Native sessions
This is an issue that someone made a 3rd party fix for, it patches the session controller. Let me dig it up. I have used it in my codeigniter setups since it was first noted.
This issue is IE7/IE8 specific with redirects or frames.
EDIT
Here is the reference that I have found before, it helped me with the IE issue. Hopefully this is what is causing you headaches:
http://www.philsbury.co.uk/blog/code-igniter-sessions
It's a problem with browsers. I put this in MY_Controller in constructor:
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
for example:
if($this->uri->segment(1)=='admin') header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
We were developing an app involving a Facebook tab when we ran into this problem. We tried the above to no avail. Here's what we found out:
IE privacy settings seem to have to be medium or less
If your running a page app, make sure BOTH URL's have HTTPS protocol in them
Also, look into the Compact Privacy Policy for cookies.
config file application config.php
// 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
$config['cookie_secure'] = FALSE;
I solved this by using native php session instead of cookies (Storing codeigniter session_id in php native session).
You can grab library here: https://github.com/staskus/codeigniter-2.--native-session.
Just copy MY_Session.php file into applications/libraries
The problem is IE denying the cookie CI is trying to set. Native sessions is one way, however if you want to keep using CI sessions I have had success with the following troubleshooting:
Check that setting $config['cookie_domain'] in config.php is not empty
Remove the underscore from $config['sess_cookie_name'], for example change "ci_session" to "cisession"
Check that the server time is correct
I hate IE !!!
its working now giving P3P to our controllers fix the problem :
class Chupacabra extends CI_Controller {
function __construct() {
parent::__construct();
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
}
This issue plagued me when I was trying get a login page to work in CodeIgnitor. The session would not save.
It turns out that it was due to a domain name that I created from FREEDNS that contained an underscore (_). I renamed the domain name using a period (.) and reverted all the code changes that were suggested in this post, and Voila, it worked.
Thanks for all the comments and contributions on this page because they really led me down the road of investigating that darn underscore.