GRaecuS

Reputation: 236

CodeIgniter is messing with sessions

I have written a simple authentication process in CodeIgniter but there is a problem.

For some reason, while a user is exploring the site, the session is confused and impersonates another random user.

I just simply do:

$this->session->set_userdata('logged_in', TRUE);  
$this->session->set_userdata('id', $account->id);

and I get the logged-in user's id via $logged_id = $this->session->userdata('id');

I store sessions in the DB, in the ci_sessions table,
and the config file contains the defaults:

$config['sess_cookie_name']     = 'ci_session';  
$config['sess_expiration']      = 7200;  
$config['sess_expire_on_close'] = FALSE;  
$config['sess_encrypt_cookie']  = TRUE;  
$config['sess_use_database']    = TRUE;  
$config['sess_table_name']      = 'ci_sessions';  
$config['sess_match_ip']        = FALSE;  
$config['sess_match_useragent'] = TRUE;  
$config['sess_time_to_update']  = 300;

What could be messing up the sessions and getting different ids from them?

Upvotes: 0

Views: 589

Answers (2)

Laila

Reputation: 1501

Late answer, but it might be useful to someone. I had this problem once; it was because the column for the User-Agent was too small (the string was then truncated and CodeIgniter was recreating the session id, thinking that the client was different). Make sure to use the table schema mentioned on CI.

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(45) DEFAULT '0' NOT NULL,
    user_agent varchar(120) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id),
    KEY `last_activity_idx` (`last_activity`)
);

Upvotes: 1
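
Added example, not part of the answer above and not CodeIgniter's own code: a simplified PHP model of the mismatch that answer describes, where a user_agent column narrower than the value being compared makes every request look like a different client. The 120-character limit is taken from the schema in the answer; the function names, the 50-character column and the sample header are constructed for illustration.

```php
<?php
// Added illustration, not CodeIgniter source: a simplified model of a
// session check that compares the stored User-Agent with the request's.

// Assumption: the framework keeps at most 120 characters of the header,
// matching the varchar(120) column in the schema quoted in the answer.
const FRAMEWORK_UA_LIMIT = 120;

// Model a non-strict MySQL insert, which silently cuts a string
// down to the width of the column it is written into.
function store_in_column(string $value, int $columnWidth): string
{
    return substr($value, 0, $columnWidth);
}

// Model of the match: the stored value against the request header
// cut to the framework limit. Any difference counts as a new client.
function user_agent_matches(string $stored, string $requestUa): bool
{
    return trim($stored) === trim(substr($requestUa, 0, FRAMEWORK_UA_LIMIT));
}

// True when a session written on one request is still accepted on the next.
function session_survives(string $requestUa, int $columnWidth): bool
{
    $written = substr($requestUa, 0, FRAMEWORK_UA_LIMIT); // value the framework writes
    $stored  = store_in_column($written, $columnWidth);   // value the table keeps
    return user_agent_matches($stored, $requestUa);
}

// Constructed sample header, longer than 50 and shorter than 120 characters.
$ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 '
    . '(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36';

// 50 is a constructed "too small" width; 120 is the width from the schema.
foreach ([50, 120] as $width) {
    printf(
        "user_agent varchar(%d), header length %d: session %s\n",
        $width,
        strlen($ua),
        session_survives($ua, $width) ? 'kept' : 'destroyed and recreated'
    );
}
```

Running it shows the session surviving only when the column is at least as wide as the compared value, which is why the width of user_agent in an existing ci_sessions table is worth checking against the schema.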

deste

Reputation: 550

It sounds really strange. Your code and your configuration seem to be OK. Please check whether you correctly destroy/init the session when the user logs in:

$this->CI->session->sess_destroy();
$this->CI->session->sess_create();

Then take a look at your MySQL ci_sessions table and try to debug your problem by showing the 'session_id' of the current user. Is it correct? If that doesn't resolve it, please post more of the code you are using.

Upvotes: 0
