 

IonAuth - seems to be randomly logging me out

I'm using ionAuth & it seems to be logging me out almost randomly? I'm using Codeigniter v2.1.4 - it logs in perfectly fine, however ionAuth seems to log out at random intervals. Is there a way to force the session to stay active until I call the ionAuth->logout function?

My CI config looks as follows:

$config['sess_cookie_name']     = 'cisession';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 600;

My ion_auth config file looks as follows:

 $config['user_expire'] = 0;
 $config['user_extend_on_login'] = FALSE;

Can anyone give me any pointers on what might be causing the issue(s)?

Zabs asked Oct 04 '13 10:10


1 Answers

The cause of the problem is a session cookie rotation when an AJAX call is performed. The proper fix was included in CodeIgniter 3.

You have four options:

Cope: I faced this problem myself before without knowing exactly the cause of it. In short, I saved the promise of each XMLHttpRequest; if the HTTP status code 401 was encountered, the client-side application would request the credentials in the form of a popup, and then retry the AJAX promise.

Client side with jQuery, just add this ajaxError handler:

$(document).ajaxError(function (e, xhr, settings, exception) {
    if (xhr.status === 401) {
        // open your popup
        $('#login-popup').modal('open');

        // keep the failed request's settings and register a one-time listener
        // (.one() avoids stacking a new handler on every 401)
        $(document).one("retry-xhr", {
                settings: settings
            },
            function (event) {
                // retry the request when fired; $.ajax() expects the settings
                // object, not the jqXHR
                $.ajax(event.data.settings);
            });
    }
});

and when you are logged back in, just call this to retry your request:

$(document).trigger('retry-xhr');

Server side, you only need to add an if in your constructor

if (!$this->session->userdata('logged_in') && $this->input->is_ajax_request())
{
    $this->output->set_status_header('401');
    exit;
}

This was useful because some users would leave their web app window open overnight and the session timeout would kick in. Then the users would call me about not being able to do any AJAX function, and I would have to tell them to press F5.

P.S. If on Angular, I have used the HTTP Auth Interceptor Module successfully.

Hack: See this post, his solution is to create another field in the ci_session table and check for both cookies, so your session will still be valid after rotation.

It also explains in detail what is causing this glitch:

http://www.hiretheworld.com/blog/tech-blog/codeigniter-session-race-conditions

Upgrade: Start using the next version where it's already fixed:

https://github.com/EllisLab/CodeIgniter/tree/release/3.0

Patch: Replace line 346 in system/libraries/Session.php (function sess_update())

if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)

With:

if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now || $this->CI->input->is_ajax_request())
Josue Alexander Ibarra answered Nov 17 '22 22:11
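
The rotation race the answer describes, and the effect of skipping rotation on AJAX requests, as an added example that is not part of the original answer or of CodeIgniter's code. It is a simplified in-memory model: the function names, session id format and request timings are constructed; only the 600-second `sess_time_to_update` and the patched condition come from the page.

```javascript
// Simplified model of CodeIgniter 2.x database sessions (constructed, not CI source).
const TIME_TO_UPDATE = 600; // sess_time_to_update from the question's config

function makeServer(skipRotationOnAjax) {
  const table = new Map(); // stands in for ci_sessions: id -> row
  let counter = 0;
  const newId = () => 'sid' + (++counter);
  return {
    login(now) {
      const id = newId();
      table.set(id, { last_activity: now, logged_in: true });
      return id;
    },
    handle(cookie, now, isAjax) {
      const row = table.get(cookie);
      if (!row) {
        // Unknown id: a fresh anonymous session is issued, replacing the cookie.
        const id = newId();
        table.set(id, { last_activity: now, logged_in: false });
        return { status: 401, cookie: id };
      }
      const status = row.logged_in ? 200 : 401;
      // Condition from the answer's patch: no rotation while fresh, or on AJAX.
      const fresh = row.last_activity + TIME_TO_UPDATE >= now;
      if (fresh || (skipRotationOnAjax && isAjax)) return { status, cookie };
      const id = newId(); // rotate: the old id stops being valid immediately
      table.delete(cookie);
      table.set(id, { ...row, last_activity: now });
      return { status, cookie: id };
    },
  };
}

// Two AJAX calls leave the browser together with the same cookie once the
// session is older than TIME_TO_UPDATE; a normal page load follows.
function scenario(skipRotationOnAjax) {
  const server = makeServer(skipRotationOnAjax);
  const sent = server.login(0);
  const a = server.handle(sent, 601, true);
  const b = server.handle(sent, 601, true); // still carries the pre-rotation id
  const jar = b.cookie;                     // last Set-Cookie wins in the browser
  const page = server.handle(jar, 602, false);
  return [a.status, b.status, page.status];
}

console.log('unpatched:', scenario(false)); // second call and page load rejected
console.log('patched:  ', scenario(true));  // session survives, rotates on page load
```
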