Codeigniter sessions issue

Question

I am using codeigniter. I have a weird problem with the sessions. I set the session when the user logs in and redirects him to a new page. I observe that the sessions are set sometimes and sometimes they aren't set. I have tried using codeigniter sessions & native sessions with sess_use_database variable TRUE and FALSE. I have no idea of what's going on.

This is how the config file looks like:

$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 7200;

Answer 1

try $config['sess_match_useragent'] = FALSE;

i'm experiencing the same issue with sessions and redirects and i've hacked my cms to find out what's causing this. setting that in config.php worked for me.

Answer 2

I think that it's just not getting updated as supposed and it creates a new one on every page request. (common Codeigniter's setting issue)

here's my suggestions:

double check your Application/Config/config.php file to ensure that the part of session domain looks like that if you host the site on the main directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "var/sessions/";
$config['cookie_secure']    = FALSE;

and like that if you host the site on a sub-directory:

$config['cookie_prefix']    = "";
$config['cookie_domain']    = "yourdomain.com";
$config['cookie_path']  = "siteSubDirectory/var/sessions/";
$config['cookie_secure']    = FALSE;

and also make sure that the 2 directories are writable by fixing their permissions to 755 or so, and I strongly recommend that you enable database session, it's more secure and will help you find out the real problem by checking the session table. good luck :)

Answer 3

Had the same issue and what I found it having

    $config['sess_encrypt_cookie']  = TRUE;
    $config['sess_use_database']    = TRUE;

Will insert 2 records in the session table, the first record with the data and the second record with nothing hence the session data not accessible. When you change

    $config['sess_encrypt_cookie']  = FALSE;

to false it will only insert one record into the session table with all the data and all will be right with the world :)

Answer 4

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

In order to store sessions, you must first create a database table for this purpose.

Create it in your DB:

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

When, go at config and and change:

$config['sess_use_database']    = TRUE;

I prefer to save the session in database because it is more secure and works without problem.

Answer 5

Where is your sess_cookie setting? I dont see it there?

$config['sess_cookie_name']     = 'cookiename';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 7200;

Make sure whatever cookie name you pick does NOT have an underscore. i.e:

$config['sess_cookie_name'] = 'mycookie';   // good
$config['sess_cookie_name'] = 'my_cookie';   // bad