2

I am working on a web app at the moment, the users logs in a session is created and logged to the database.

What is occurring is that a user will get randomly get logged out, through no option of their own. The backstory is that this is generally happening to users who are sharing an account (not the best thing but the nature of the app, means it needs to be allowable).

Could this be the reason for the random logouts? Or is something deeper in CI and storing sessions in the database? I also read that doing a lot of AJAX requests close together can cause the SESSION ID to change, and the could then overwrite the database record and log the user out. Again is this a possibility? I think this one is less so as I have written a patch to stop this happening.

SESSION CONFIG:

$config['sess_cookie_name']     = 'app';
$config['sess_expiration']      = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update']  = 300;
$config['sess_use_multisessions'] = TRUE;
$config['sess_multisession_expiration'] = 10;
Improve this question
10
  • 1
    Why dont you share some of your code? Its always preferable to share your code to get the maximum response on your question Commented Oct 22, 2013 at 10:53
  • What do you want to see? The login code that creates the SESSION? Commented Oct 22, 2013 at 10:55
  • What happens if you open an incognito session and try login with the same account? Commented Oct 22, 2013 at 10:55
  • If you can share the handling of incognito session.... Commented Oct 22, 2013 at 10:57
  • check session_expiration in config file..make sure its value is 0. Do share the session config variables from config file Commented Oct 22, 2013 at 11:02

4 Answers 4

Reset to default
1

Sorry, for my previous answer. I was wrong. I am not sure about this two config settings, not able to find in the CI manual also.

$config['sess_use_multisessions'] = TRUE;
$config['sess_multisession_expiration'] = 10;

But, this won't make any problem.

Please try by making $config['sess_match_useragent'] to TRUE.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post.
I have modified my answer. Please check my edited answer again.
0

Are you storing your sessions in the DB (ci_sessions table) ? Try changing the field type of user_agent to mediumtext. It's varchar255 by default and some user agent strings are longer, and this can cause logouts.

Improve this answer

Comments

0

I have changed my config setting $config['sess_time_to_update'] = 300; to $config['sess_time_to_update'] = 8400; it is behaving better than previous, By doing this u may have security issue as session will take much time to update and till update session id will remain same.

More I am also searching a perfect solution for this, I have also worked for ajax like many other threads on stackoverflow explained, but that does not work for me.

In the DB (ci_sessions table) i have also changed the field type of user_agent to text, it also does not work for me.

Improve this answer

Comments

0

By using this function, I solved my issue related to session storage:

$config['sess_save_path'] = sys_get_temp_dir();
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.