I'm using ionAuth & it seems to be logging me out almost randomly? I'm using Codeigniter v2.1.4 - it logs in perfect fine however ionAuth seems to log out at random intevals, is there a way to force the session to stay active until I call the ionAuth->logout function?
My CI config looks like as follows:
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 600;
My ion_auth config file looks as follows:
$config['user_expire'] = 0;
$config['user_extend_on_login'] = FALSE;
Can anyone give me any pointers on what might be causing the issue(s)?
The cause of the problem is a session cookie rotation when an AJAX Call is performed, the proper fix was included in CodeIgniter 3
You have four options:
Cope: I faced this problem myself before without knowing exactly the cause of it. In short, I saved the promise of each XMLHttpRequest, if the HTTP status code 401 was encountered, the client side application would request the credentials in the form of a popup, and then retry the AJAX promise.
Client side with jQuery, just add this ajaxError handler:
$(document).ajaxError(function (e, xhr, settings, exception) {
if (xhr.status == 401)
{
// open your popup
$('#login-popup').modal('open');
// attach the xhr object to the listener
$(document).bind( "retry-xhr", {
xhro: xhr
},
function( event ) {
// retry the xhr when fired
$.ajax( event.data.xhro );
});
}
});
and when you are logged back in, just call this to retry your request:
$(document).trigger('retry-xhr');
Server side, you only need to add an if in your constructor
if (!$this->session->userdata('logged_in') && $this->input->is_ajax_request())
{
$this->output->set_status_header('401');
exit;
}
This was useful because some users would leave their web app window open overnight and the session timeout would kick in. Then the users would call me about not being able to do any AJAX function, and I would have to tell them to press F5
ps. if on Angular, I have used the HTTP Auth Interceptor Module successfully
Hack: See this post, his solution is to create another field in the ci_session table and check for both cookies, so your session will still be valid after rotation.
It also explains in detail what is causing this glitch
http://www.hiretheworld.com/blog/tech-blog/codeigniter-session-race-conditions
Upgrade: Start using the next version where it's already fixed:
https://github.com/EllisLab/CodeIgniter/tree/release/3.0
Patch Replace line 346 in system/libraries/Session.php (function sess_update())
if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
With:
if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now || $this->CI->input->is_ajax_request())
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With