I have a site which does a few ajax calls on page load. For some reason, CodeIgnitor is inserting 4 sessions (I'm assuming one for each ajax call) as you load the page. I'm storing the sessions in the database.
I'm pretty sure there should only be one session per browser. Firefox seems to generate only one; other browsers seem to create a whole bunch of sessions. Multiple sessions for the same user are giving me some serious authentication problems.
Why is this happening? How can I stop it?
I know the discussion took place while ago, but somebody might find this useful.
By now I've used CI session without storing its data in database. Today I decided to give it a try and immediately run across the same problem: CI was generating new session in every page load.
I checked my server time, timezone, my cookie etc. - everything I could find as a tip on forums - with no result. Then decided to debug the CI Session class myself.
Long story short, it turned out that my user_agent field in my session table was too small - VARCHAR 50 - which cuts the original user_agent string - hence CI doesn't find my session and generates onother one. I just increased the user_agent field size to 200 and everything works like a charm.
I forgot to mention that I use Mac OS X Lion.
Again, hope this will help somebody.
Check the date / time on your client OS, and on your server.
I know its too late, but maybe someone finds this page while looking for the answer...
I think it happens because CI sets an expiration time on the cookie containing the session id and if the time difference between the server and client is higher than the expiration time the cookie gets old and the server will generate a new session for the client on every request. Never took the time to figure out the exact mechanism, but happened to me several times, and this fix always worked.
I've found this topic with same problem: on every page CI generates new session. Possible solution: remove underscored from site name ( NOT "my_test_site.com", but "my-test-site.com"). At least, this helped in my situation.
Check your config.php file and make sure the cookie options are properly filled out. If they are not it cant track the user and it will gen a new session on every page load.
Check the date / time on your client OS, and on your server.
I had the same situation and confirm the solution as a fix
$config['cookie_domain'] = "example.com";
Use your domain name in this snippet.
Related
I wonder if the following would be a good Idea or rather contra-productive performance-wise:
An Ajax-Application, like for example a pagebrowser needs some language- and config-values, which are stored in the database. So each time, the user is using this app, in the ajax-script the mysql-query to get the variables is done again and again. concidering this for a pagebrowser, there might be like 10 or more requests (back and forward, back, forward, and so on), aka 10 x database-select, while it is needed only one time actually.
My idea was, to safe the config-vars in a session-array the first time, the ajax-app is requested. If the sessions-array exists, the mysql-query isnt done again.
if the user calls another regular page, these session-array is deleted again.
Now im not really sure, what would consume more server-resources, using sessions in the above described way for saving the vars teporarily, or just using a mysql-query to get the vars each time, the user klicks the ajax-app.
Thanx in advance, Jayden
If you working with massive amount of data, you could consider using Cookies as well instead of session for server resources, which will be stored in the user's local browser.
I'd bet sessions would be more effective, but the best way is to test and measure the different execution times.
So let's say user did something on my website, for example uploaded some images or whatever, and he left without logging out and never came back or let's say he did come back after few months.
So my question would be, is there some kind of way for example to delete his uploaded files after session have expired, let's say after 30 mins (keep in mind that user never reloaded page), so that would need to run entirely on server side without user interfering at all.
EDIT Thank you all for your wonderful answers, it gave me quite a few great ideas, i wish i could accept all of your answers :)
Good question! My first idea was to use a database based solution. If you don't already, you'd keep track of all active sessions in a table sessions which contains, among other things you may need, the session_id and the last_visited_time. This entry would be updated every time a user visits your site:
UPDATE sessions WHERE session_id = "<current session id>" SET last_visited_time = NOW()
The second part of the mechanism would be a cronjob that scans the the sessions table for sessions whose last_visisted_time hasn't been updated lately (in whatever time interval you'd like) and deletes the files for that session.
One way would be to call
$thePath = session_save_path();
and iterate over all saved session file, unserialze each and check them for the specified timeout property.
Unfortunately, you need to scan the whole directory to find all session files, which are older than a defined period of time. You'd use start() to figure out the age of a session file.
On a well-maintained server, each virtual host should have a separate directory for its session data. A not-so-well-maintained might store all sessions in a unified shared directory. Therefore, ensure that you don't read or delete other virtual hosts' session data.
Better Approach using a database
Therefore I propose to save session data to your application's backend database. Using SQL, it would be trivial to find all outdated session files.
The documentation for session_set_save_handler() provides a sample, which explains this whole process quite nicely based on objects.
I like all the answers above, but a different solution would be to name the uploaded files in a way that you know they are "temporary", for example prepending their name with a timestamp. This way, a periodic process would clean any such files, unless your program decides that they should be kept after all, renaming them accordingly.
Is there a way to detect when someone leaves your site? So far I know about using ignore_user_abort() but thats about as far as I've gotten.
The reason I need to know this is because I need a script to execute upon someone leaving the site.
Record a timestamp in a database for each user and update this upon each page load (or through AJAX).
When the last updated timestamp is older than a cetain amount of time (30 mins?) you can consider they've left the site and do your code, deleting the entry afterwards.
Idea: a "user" could be a primary key made up of their IP and user agent as an MD5 hash for example.
1) I've found the Session Timeout Warning PHP Example with jQuery/JS article
2) Session timeout in PHP thread
3) Also article on how to do it with jQuery and ColdFusion
I can be done easily using javascript, check this solution
<body onbeforeunload="winCloseFunc();"> =)
Due to the stateless nature of http, there isn't an easy way to tell when someone leaves a site. It is possible to trigger onUnload when they leave a page, but this also fires as they navigate from page to page on your site.
Mozilla's Ref: https://developer.mozilla.org/en/DOM/window.onunload
MS's Ref: http://msdn.microsoft.com/en-us/library/ms536907(v=vs.85).aspx
Normally a session is setup to just expire when the user hasn't been seen in X minutes.
I'm using sessions to store items in a shopping cart. I can create and persist sessions, but with some strange problems:
When I close the tab in Firefox (not the entire browser), the session appears to have been lost. Sometimes it doesn't happen though but usually it does.
Every single time I refresh the page or go to another page, the session ID changes to a new one. I've confirmed this by looking in the cookie with my browser, and also on the server. Also, there are a max of 4 sessions stored on the server at one time. Is all this normal behavior?
The sessions seem to be lost at random intervals...it could be a few minutes or more than an hour.
I just followed the Zend manual but no luck in solving any of this. In the bootstrap I also have Session::start() and Session::rememberMe(). I'm using normal file storage for sessions, just storing in /var/lib/php5 which I think is where Zend framework likes to put it.
Thanks for any direction
If the session data is persisting but the ID is changing then there is a chance there is a call to session_regenerate_id() in there somewhere.
I have run into this before, and you will want to do something like this where you start your session at, for me this is in my Bootstrap.php
if (!empty($_REQUEST['PHPSESSID'])) {
Zend_Session::setId($_REQUEST['PHPSESSID']);
}
Zend_Session::start();
This should solve the issue. When a user has a session, it typically gets passed with every request.
Check your garbage cleanup time for PHP - session.gc_maxlifetime. If it's short, it deletes your session files from under your nose and makes it appear "random".
The default value is 24 minutes (1440 seconds)
This should be set to (or greater than) whatever your cookie lifetime (session.cookie_lifetime) is set for in your application.
I've mentioned it on here before, but still have the problem, so have added some extra info :)
We have a local intranet site that everyone on the network uses, maybe 5% (or even less) of the users that use the site have problems where the session isn't stored properly.
I've tried defining a path manually and whereas most users sessions are created and remain just fine, on the affected machines it seems that it either forgets the cookies are there, or it can't read them, and then goes on to create a new cookie almost every time you refresh a page.
Things to note are...
happens on both the Zend login screen and our systems, so for once it's not my dodgy code!
it only affects <5% of users
it only happens when using IE
it only happens with Windows XP or Vista - Windows 2000 works fine!
it happens to those users on any XP/Vista machine, so I can use my bosses PC and it's fine, but if he uses mine it doesn't work again...
I've tried messing with the security settings in IE too, changing the cookie security to allow all cookies/sessions, but no luck on that either unfortunately. :(
I've tried nettool but it didn't really help much unfortunately, since it just showed that the new cookies/sessions were being created, but didn't say why.
I've also tried checking the date and times are on the same on the server as they are on the workstation, and yup everything is set fine.
The name of the server is 'gc-hr01' - not sure if that should affect anything like this.
Any help would be amazing, really stuck on this.
Thanks!
The session cookie might get refused because of insufficient validity and/or privacy information. Try to make those as specific as possible, for example:
session_set_cookie_params(0, '/path/to/your/php-application', '.www.example.com', false, true);
I know this is an old thread, but in case anyone else happens upon this, the cause of this problem is likely the hyphen in the machine name. Apparently IE7 won't store cookies for domain names with a - or _ because they technically aren't valid. Certainly would be nice to get an error message instead of silently dropping the cookie, wouldn't it?
Could it be that 5% of the users have user information that, when retrieved from the cookie, disrupts the proper reading/decoding/parsing of the cookie server-side?