Codeigniter session bugging out with ajax calls

Question

My CodeIgniter app uses the session library and saves data to the DB.

I've been having some problems where blank sessions are created after a certain ajax call.

Upon investigating, it seems that there were 2 simultaneous functions calls that fired off that require a session validation. One would fail and the other would be fine.

I was able to fix this by not having them fire off simultaneously. But I still don't understand the REASON why it fails. Does it have to do with one call updating the user cookie and the 2nd call invalidating? Or maybe when reading the DB it dies somehow?

I looked over the Session core class a bit and have not found any clues to the cause.

If any one had the same problem before I would appreciate any advice on how to debug or what the cause is.

Thanks!

EDIT:

I originally said there was a 408 status return. That was an unrelated case.

This is the function that fires off MyVar.refresh() in parallel:

function (event) {     var self$ = this.a$;     var uid  = this.b$.val();     var tid  = this.c$.val();     var jqxhr = $.post('/controller1/index',{'uid':uid,'tid':tid,'action':true},function(re)     {         if(re.message != 'success')         {             MyVar.alert('<span class="msg_error sprite"></span>' + re.error);             MyVar.refresh();         }       },'json');     MyVar.refresh();     return stopDefault(event); }; 

POSSIBLE SOLUTIONS:

Found this: http://codeigniter.com/forums/viewthread/102456/

Apparently it doesn't play well with ajax. One solution is to disallow session update if it is an ajax call; only problem is that our site is mostly built with ajax..

Also, just lowered the sess_time_to_update to something very frequent and ajax was doing fine. Also did a browser refresh and it did not timeout. Not sure why if the session ID has already changed upon an ajax call and browser cookies were never updated.

Answer 1

Try this

<?php /**  * ------------------------------------------------------------------------  * CI Session Class Extension for AJAX calls.  * ------------------------------------------------------------------------  *  * ====- Save as application/libraries/MY_Session.php -====  */  class MY_Session extends CI_Session {      // --------------------------------------------------------------------      /**      * sess_update()      *      * Do not update an existing session on ajax or xajax calls      *      * @access    public      * @return    void      */     public function sess_update()     {         $CI = get_instance();          if ( ! $CI->input->is_ajax_request())         {             parent::sess_update();         }     }  }  // ------------------------------------------------------------------------ /* End of file MY_Session.php */ /* Location: ./application/libraries/MY_Session.php */ 

The problem is in the sess_update function of the session class, that generates a new session_id after X seconds. Every page have a session_id, if the session_id expires before the ajax call is made, that call will fail.

Create a php file in /application/libraries/ with the name MY_Session (or whatever prefix you set), paste this code there and that is all. This function will override the sess_update function in the session class, checking on every request if that request was made by ajax, skipping the sess_update function.

Its a bad idea set the sess_expiration at higher values. This is a security feature that will protect you against session hijaking

PD: i'm not very fluent in english, if you dont understand something just let me know.