Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

codeigniter session custom data lost, but not on localhost

I have this weird problem with my ci sessions. On localhost is works fine, but online the log shows the error:

The session cookie data did not match what was expected. This could be a possible hacking attempt.

I removed all cookies and emptied the sessions table. I also set user_agent length to 255. Basepath is also correct. What is notice when I log the session id's is the following:

On the login page and when checking username/pw the id is the same, then I go to my members area where the id has changed.

Another example:
1. I go to members area, session id is set, i'm not logged in, im sent to login
2. On login page, session id is changed, i login
3. Validation, session id is unchanged, i'm validated and sent to members area
4. On members area, session id is changed, i'm not logged in.

On the login page, my sessions table counts 0 rows, when i login the sessions table counts 2/3 rows. 1 of them, but not the one with the current session id holds all the correct data.

Hopefully someone can help me with this.

like image 837
Meddie Avatar asked May 09 '12 14:05

Meddie


2 Answers

I think Codeignitor native php session library has the problems. It cause the problems that you are describing because if the cookies is not set, it won’t set. Furthermore it won’t be able to recognize the session. In order to avoid this problem you can use Native Session Class

Here are few links to support my answer. Problems with cookies / MAMP / Codeingiter http://myphplibrary.blogspot.in/2012/03/codeigniter-session-issue-fixation.html

like image 132
Moyed Ansari Avatar answered Nov 10 '22 08:11

Moyed Ansari


A couple of things to check;

  1. The server local time vs your local time - perhaps the cookie is expiring as it is set? To confirm - set the $config['sess_expiration'] time to like 9999999 and see if it works

  2. Turn off $config['encrypt_cookie']

  3. Turn off $config['sess_match_ip']

  4. Make sure you have set the correct cookie information:

    $config['cookie_prefix']    = "";
    $config['cookie_domain']    = // YOUR DOMAIN
    $config['cookie_path']      = // YOUR BASE URI
    $config['cookie_secure']    = FALSE;
    
like image 31
Laurence Avatar answered Nov 10 '22 09:11

Laurence