Codeigniter is messing with sessions - codeigniter

I have written a simple authentication process on Codeigniter but there is a problem.
For some reason, while a user is exploring the site, the session is confused and impersonates another random user.
I just simply do:
$this->session->set_userdata('logged_in', TRUE);
$this->session->set_userdata('id', $account->id);
and I get logged user's id via
$logged_id = $this->session->userdata('id');
I store sessions on DB, on ci_sessions table
and the config file contains the default:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
What could be messing the sessions and getting different ids from them?

Late answer, but it might be useful to someone. I had this problem once, it was because the column for the User-Agent was too small (then, the string was truncated and CodeIgniter was recreating session id, thinking that the client was different). Make sure to use the schema table mentioned on CI.
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(45) DEFAULT '0' NOT NULL,
user_agent varchar(120) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id),
KEY `last_activity_idx` (`last_activity`)
);

It sounds really strange. Your code and your configuration seem to be OK.
Please check that you correctly destroy/init the session when the user logs in:
$this->CI->session->sess_destroy();
$this->CI->session->sess_create();
Then take a look at your MySQL ci_sessions table and try to debug your problem by showing the 'session_id' of the current user. Is it correct?
If that doesn't resolve it, please post more of the code you are using.

Related

Prevent multiple user active session

I want to log out the user if the same user logs in on another computer.
In my CI3 I have the following config.
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_sessions';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
That would store the user session in my database table ci_session.
However, I want to prevent a user from having multiple active sessions. Let's say if a user logs in on another computer, his existing session should be destroyed.
Q1. How do I check if a user is logged in? In my ci_session database, I can only see the blob type in the user data column.
Q2. How do I destroy his other active session if he logs in on another computer?
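One way to cover both questions without decoding the `data` blob, shown as an added example that is not from the thread: keep a per-login token in the session and in the user's row, and compare the two on every request. The `Single_session` library, the `users` table and its `session_token` column are assumptions made for illustration.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
// Added example. `Single_session`, the `users` table and its `session_token`
// column are assumptions; requires PHP 7+ for random_bytes().
class Single_session
{
    protected $CI;
    public function __construct()
    {
        $this->CI =& get_instance();
        $this->CI->load->library('session');
        $this->CI->load->database();
    }

    // Call once, right after the password check succeeds.
    public function start($user_id)
    {
        // New session id at the privilege change; TRUE deletes the old id's stored data.
        $this->CI->session->sess_regenerate(TRUE);
        // Overwriting the stored token invalidates every earlier login of this user:
        // their sessions still exist, but fail enforce() on the next request.
        $token = bin2hex(random_bytes(32));
        $this->CI->db->where('id', $user_id)
                     ->update('users', array('session_token' => $token));
        $this->CI->session->set_userdata(array(
            'logged_in'     => TRUE,
            'id'            => $user_id,
            'session_token' => $token,
        ));
    }

    // Call at the top of every protected controller action.
    public function enforce()
    {
        $user_id = $this->CI->session->userdata('id');
        $token   = $this->CI->session->userdata('session_token');
        if ($user_id === NULL || $token === NULL) {
            return FALSE; // not logged in
        }
        $row = $this->CI->db->select('session_token')
                            ->get_where('users', array('id' => $user_id))
                            ->row();
        if ($row === NULL || ! hash_equals((string) $row->session_token, (string) $token)) {
            $this->CI->session->sess_destroy(); // superseded by a newer login
            return FALSE;
        }
        return TRUE;
    }
}
```

Because the check compares a token rather than the session id, it keeps working when CodeIgniter regenerates the id every `sess_time_to_update` seconds.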

codeigniter sess_driver and path

I am trying to upload my CodeIgniter 3 site to GoDaddy, but I keep getting error messages such as Session: Configured save path 'C:\Windows\Temp' is not writable by the PHP process..
I have followed this question and the codeigniter database driver here but so far nothing.
I created a ci_sessions table in my database, set the driver to database and the path to ci_sessions, but I then get a fatal error. I tried setting the driver to files and the path to a ci_sessions folder I created, but it can't find it. I'm not sure I created it correctly; I used $config['sess_save_path'] = '{{site_path}}/application/ci_sessions';
Does anyone have any idea what I'm doing wrong? Thanks in advance.
UPDATE
Ok, so I started with a fresh version of codeigniter 3 and set the driver to database and path to ci_sessions and it works, but when I use if(!empty($this->session->userdata("user_id")) it causes the fatal error, any ideas?
From your session save path, it looks like you are trying to save it to a folder.
Create a folder in application called ci_sessions and make it 0700.
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = APPPATH . 'ci_sessions/';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
If you need to put it into database
$config['sess_driver'] = 'database'; // Change files to database
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions'; // This will be your database table for sessions
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
For a MySQL database
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(40) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
KEY `ci_sessions_timestamp` (`timestamp`)
);

Codeigniter login using session not working in iPad and other mobile browsers

I am able to log in and print the session in the function, but when I click on any other function my session gets lost and it redirects me back to the index page, as each function has a session-set constraint. The code is written below:
$session = $this->session->userdata('logged_in');
redirect('user/user_dashboard');
When I print the session there it prints, but after removing die it is lost.
Is the browser you're testing for Safari? I found a lot of reports that this is a common problem with Safari on iPad or iPhone, but also with Internet Explorer, which I've solved in the past.
When I encountered this in the past on Internet Explorer, I fixed it by setting the following option in config.php:
$config['sess_match_useragent'] = FALSE;
Apparently, the problem is caused by the fact that the session_id() is regenerated every time a user loads any page. By not checking for the useragent any more, apparently, CodeIgniter's native session class no longer performs that particular check-up.
Let me know if it worked!
Use sessions in the database instead of files. First create a table in your database
CREATE TABLE IF NOT EXISTS `ci_sessions` (
`id` varchar(40) NOT NULL,
`ip_address` varchar(45) NOT NULL,
`timestamp` int(10) unsigned DEFAULT 0 NOT NULL,
`data` blob NOT NULL,
PRIMARY KEY (id),
KEY `ci_sessions_timestamp` (`timestamp`)
);
Then add the following lines to your config file
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_sessions';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;

CodeIgniter Cart and Session lost when refresh page

I'm using CodeIgniter v2.1.3 and having a problem with using CI Cart and Session. When I insert an element into Cart, everything goes fine. But when I refresh the page, all saved Cart items disappear. The same problem happens when I use the Session class.
But everything works well on my localhost. The problem only happens on my server.
There are some websites on my server now and they don't have any problem with Session. So I guess it must be caused by CI.
Here is the Session configuration in application/config/config.php:
$config['sess_cookie_name'] = 'blowup_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions1';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
I tried to print the session_id but it returned nothing. So I guess the Session class did not generate any session_id. Try to start the session manually by using session_start(), the session_id was generated.
I also tried to save something by using $_SESSION, and they are saved without any problem.
Does it mean that the CI_Session and Cart library were not auto loaded?
How could I fix it? Or is there any Session class could replace the current one?
PS: My Server is running CentOS 5, PHP v 5.2.17 , Apache 2.2.23 and MySQL 5.0.96
UPDATED
Below is the function I use in the Controller to add an item into Cart. The data ($params) is posted via an AJAX request (using jQuery AJAX). The returned data is an HTML view.
public function add_to_cart(){
    $this->layout->set_template('ajax');
    if ($this->is_post()){
        $params = $this->get_all_post_data();
        //Debug::dump($this->cart);die;
        if (isset($params['id']) && (int)$params['id']>0){
            $product = $this->_product_model->get_record_by_id((int)$params['id']);
            if (!is_null($product)){
                if (count($this->cart->contents())>0){
                    foreach ($this->cart->contents() as $item){
                        if ($item['id']==$product->id){
                            $data = array('rowid'=>$item['rowid'],'qty'=>++$item['qty']);
                            $this->cart->update($data);
                        }else{
                            $data = array('id'=>$product->id,'qty'=>1,'price'=>$product->price,'name'=>$product->id,'options'=>array('image'=>$product->thumb,'product_name'=>$product->title));
                            $this->cart->insert($data);
                        }
                    }
                }else{
                    $data = array('id'=>$product->id,'qty'=>1,'price'=>$product->price,'name'=>$product->id,'options'=>array('image'=>$product->thumb,'product_name'=>$product->title));
                    $this->cart->insert($data);
                }
                $this->session->set_userdata(array('test'=>'Session test'));
                $this->layout->load('cart/topmenu_cart', $this->data);
            }
        }
    }
}
Have you tried to use the database to store session data instead? Based on your settings, I guess it is because your data is too large to hold in a 4KB cookie.

Session data lost so fast and rapidly in codeigniter

I have built a web application using CodeIgniter. There are about 200 users in my application. When a user logs in, it succeeds, but the session data is kept for just about one minute and then is killed automatically.
I use ci_sessions to store custom session data.
This is my session configuration:
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 900;
In my application, if the session is killed it redirects to the login page. It always redirects again and again to the login page; I think it causes the session data to be lost rapidly. I need help, and thanks.
Your session configuration looks okay, and you're also storing it in a database, which is a good practice too.
It seems like at some place in your code you're destroying the session or part of it.
We have to see some code if you're unable to trace it yourself.
Good Luck!
