PHP/Codeigniter sessions getting destroyed

Question

I am working on a web app at the moment, the users logs in a session is created and logged to the database.

What is occurring is that a user will get randomly get logged out, through no option of their own. The backstory is that this is generally happening to users who are sharing an account (not the best thing but the nature of the app, means it needs to be allowable).

Could this be the reason for the random logouts? Or is something deeper in CI and storing sessions in the database? I also read that doing a lot of AJAX requests close together can cause the SESSION ID to change, and the could then overwrite the database record and log the user out. Again is this a possibility? I think this one is less so as I have written a patch to stop this happening.

SESSION CONFIG:

$config['sess_cookie_name']     = 'app';
$config['sess_expiration']      = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update']  = 300;
$config['sess_use_multisessions'] = TRUE;
$config['sess_multisession_expiration'] = 10;

Answer 1

By using this function, I solved my issue related to session storage:

$config['sess_save_path'] = sys_get_temp_dir();

Answer 2

Sorry, for my previous answer. I was wrong. I am not sure about this two config settings, not able to find in the CI manual also.

$config['sess_use_multisessions'] = TRUE;
$config['sess_multisession_expiration'] = 10;

But, this won't make any problem.

Please try by making $config['sess_match_useragent'] to TRUE.

Answer 3

I have changed my config setting $config['sess_time_to_update'] = 300; to $config['sess_time_to_update'] = 8400; it is behaving better than previous, By doing this u may have security issue as session will take much time to update and till update session id will remain same.

More I am also searching a perfect solution for this, I have also worked for ajax like many other threads on stackoverflow explained, but that does not work for me.

In the DB (ci_sessions table) i have also changed the field type of user_agent to text, it also does not work for me.

Answer 4

Are you storing your sessions in the DB (ci_sessions table) ? Try changing the field type of user_agent to mediumtext. It's varchar255 by default and some user agent strings are longer, and this can cause logouts.