session token changes in codeigniter
I have a web application, in which i give an option of logging out. On logout the session is distroyed ie. deleted by sess_destroy() in system>libraries>Session.php.
but whenever the user logs out, token corresponding to user is deleted but instead new token is created in session table without any userdata.
Following is the flow it goes through when i redirect the user to login page again, the flow goes like this,
logout -> __construct() in login page -> __construct() in CI_Controller ->initialize() in Loader.php -> _ci_autoloader() in Loader.php -> $autoload['libraries'] in autoload.php -> __construct() in Session.php ->
if ( ! $this->sess_read())
$this->sess_create();
else
$this->sess_update();
then in sess_read(),
$session = $this->CI->input->cookie($this->sess_cookie_name);
// No cookie? Goodbye cruel world!...
if ($session === FALSE)
log_message('debug', 'A session cookie was not found.');
return FALSE;
hence another it goes in sess_create(),and creates another session,
$this->userdata = array(
'session_id' => md5(uniqid($sessid, TRUE)),
'ip_address' => $this->CI->input->ip_address(),
'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
'last_activity' => $this->now,
'user_data' => ''
);
when the sessions is created, it is assigned to the cookie, when the session is destroyed that cookie is deleted. but as soon as new page is loaded and session library is loaded along with it, it inserts new row in session table.
which increases the size of database, i would appreciate a suggestion by the community on this matter. also is anyone else facing the same issue?
p.s. I am using CI2
session destry,
function sess_destroy()
// Kill the session DB row
if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
// Kill the cookie
setcookie(
$this->sess_cookie_name,
addslashes(serialize(array())),
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
// Kill session data
$this->userdata = array();
php codeigniter session
asked Nov 13 '18 at 11:25
shellbotshellbot
237
add a comment |
I have a web application, in which i give an option of logging out. On logout the session is distroyed ie. deleted by sess_destroy() in system>libraries>Session.php.
but whenever the user logs out, token corresponding to user is deleted but instead new token is created in session table without any userdata.
Following is the flow it goes through when i redirect the user to login page again, the flow goes like this,
logout -> __construct() in login page -> __construct() in CI_Controller ->initialize() in Loader.php -> _ci_autoloader() in Loader.php -> $autoload['libraries'] in autoload.php -> __construct() in Session.php ->
if ( ! $this->sess_read())
$this->sess_create();
else
$this->sess_update();
then in sess_read(),
$session = $this->CI->input->cookie($this->sess_cookie_name);
// No cookie? Goodbye cruel world!...
if ($session === FALSE)
log_message('debug', 'A session cookie was not found.');
return FALSE;
hence another it goes in sess_create(),and creates another session,
$this->userdata = array(
'session_id' => md5(uniqid($sessid, TRUE)),
'ip_address' => $this->CI->input->ip_address(),
'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
'last_activity' => $this->now,
'user_data' => ''
);
when the sessions is created, it is assigned to the cookie, when the session is destroyed that cookie is deleted. but as soon as new page is loaded and session library is loaded along with it, it inserts new row in session table.
which increases the size of database, i would appreciate a suggestion by the community on this matter. also is anyone else facing the same issue?
p.s. I am using CI2
session destry,
function sess_destroy()
// Kill the session DB row
if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
// Kill the cookie
setcookie(
$this->sess_cookie_name,
addslashes(serialize(array())),
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
// Kill session data
$this->userdata = array();
php codeigniter session
asked Nov 13 '18 at 11:25
shellbotshellbot
237
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50
add a comment |
I have a web application, in which i give an option of logging out. On logout the session is distroyed ie. deleted by sess_destroy() in system>libraries>Session.php.
but whenever the user logs out, token corresponding to user is deleted but instead new token is created in session table without any userdata.
Following is the flow it goes through when i redirect the user to login page again, the flow goes like this,
logout -> __construct() in login page -> __construct() in CI_Controller ->initialize() in Loader.php -> _ci_autoloader() in Loader.php -> $autoload['libraries'] in autoload.php -> __construct() in Session.php ->
if ( ! $this->sess_read())
$this->sess_create();
else
$this->sess_update();
then in sess_read(),
$session = $this->CI->input->cookie($this->sess_cookie_name);
// No cookie? Goodbye cruel world!...
if ($session === FALSE)
log_message('debug', 'A session cookie was not found.');
return FALSE;
hence another it goes in sess_create(),and creates another session,
$this->userdata = array(
'session_id' => md5(uniqid($sessid, TRUE)),
'ip_address' => $this->CI->input->ip_address(),
'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
'last_activity' => $this->now,
'user_data' => ''
);
when the sessions is created, it is assigned to the cookie, when the session is destroyed that cookie is deleted. but as soon as new page is loaded and session library is loaded along with it, it inserts new row in session table.
which increases the size of database, i would appreciate a suggestion by the community on this matter. also is anyone else facing the same issue?
p.s. I am using CI2
session destry,
function sess_destroy()
// Kill the session DB row
if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
// Kill the cookie
setcookie(
$this->sess_cookie_name,
addslashes(serialize(array())),
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
// Kill session data
$this->userdata = array();
php codeigniter session
asked Nov 13 '18 at 11:25
shellbotshellbot
237
I have a web application, in which i give an option of logging out. On logout the session is distroyed ie. deleted by sess_destroy() in system>libraries>Session.php.
but whenever the user logs out, token corresponding to user is deleted but instead new token is created in session table without any userdata.
Following is the flow it goes through when i redirect the user to login page again, the flow goes like this,
logout -> __construct() in login page -> __construct() in CI_Controller ->initialize() in Loader.php -> _ci_autoloader() in Loader.php -> $autoload['libraries'] in autoload.php -> __construct() in Session.php ->
if ( ! $this->sess_read())
$this->sess_create();
else
$this->sess_update();
then in sess_read(),
$session = $this->CI->input->cookie($this->sess_cookie_name);
// No cookie? Goodbye cruel world!...
if ($session === FALSE)
log_message('debug', 'A session cookie was not found.');
return FALSE;
hence another it goes in sess_create(),and creates another session,
$this->userdata = array(
'session_id' => md5(uniqid($sessid, TRUE)),
'ip_address' => $this->CI->input->ip_address(),
'user_agent' => substr($this->CI->input->user_agent(), 0, 120),
'last_activity' => $this->now,
'user_data' => ''
);
when the sessions is created, it is assigned to the cookie, when the session is destroyed that cookie is deleted. but as soon as new page is loaded and session library is loaded along with it, it inserts new row in session table.
which increases the size of database, i would appreciate a suggestion by the community on this matter. also is anyone else facing the same issue?
p.s. I am using CI2
session destry,
function sess_destroy()
// Kill the session DB row
if ($this->sess_use_database === TRUE && isset($this->userdata['session_id']))
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->delete($this->sess_table_name);
// Kill the cookie
setcookie(
$this->sess_cookie_name,
addslashes(serialize(array())),
($this->now - 31500000),
$this->cookie_path,
$this->cookie_domain,
0
);
// Kill session data
$this->userdata = array();
php codeigniter session
php codeigniter session
asked Nov 13 '18 at 11:25
shellbotshellbot
237
asked Nov 13 '18 at 11:25
shellbotshellbot
237
edited Nov 13 '18 at 11:42
shellbot
asked Nov 13 '18 at 11:25
shellbotshellbot
237
asked Nov 13 '18 at 11:25
shellbotshellbot
237
asked Nov 13 '18 at 11:25
shellbotshellbot
237
237
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50
add a comment |
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50
add a comment |
1 Answer
1
active
oldest
votes
This is not unexpected in CI as Sessions are created/update whenever a visitor accesses anything that uses the session library.
The fact that those sessions are "empty" (because the user is not logged in) is a little bit irrelevant. You could periodically empty the sessions table (by deleting all sessions with no data) but the amount of space you'll salvage is not that much.
All the above said, if you want to prevent the behavior you're experiencing, instead of destroying the session, just unset its variables so that it becomes empty.
unset ($this->session->userdata);
That way, the user will keep having the same session cookie and the only change is that it'll loose the data it contains in the database, effectively logging the user out.
EDIT: I'm not particularly familiar with CI 2 as all my code is on CI3 now and anything I once had on CI2 is long gone. But it looks like you're going through some unnecesary hoops with the session management rather than fully relying on CI's built-in functionality, which may be a little bit sub-optimal
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53279996%2fsession-token-changes-in-codeigniter%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
This is not unexpected in CI as Sessions are created/update whenever a visitor accesses anything that uses the session library.
The fact that those sessions are "empty" (because the user is not logged in) is a little bit irrelevant. You could periodically empty the sessions table (by deleting all sessions with no data) but the amount of space you'll salvage is not that much.
All the above said, if you want to prevent the behavior you're experiencing, instead of destroying the session, just unset its variables so that it becomes empty.
unset ($this->session->userdata);
That way, the user will keep having the same session cookie and the only change is that it'll loose the data it contains in the database, effectively logging the user out.
EDIT: I'm not particularly familiar with CI 2 as all my code is on CI3 now and anything I once had on CI2 is long gone. But it looks like you're going through some unnecesary hoops with the session management rather than fully relying on CI's built-in functionality, which may be a little bit sub-optimal
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
add a comment |
This is not unexpected in CI as Sessions are created/update whenever a visitor accesses anything that uses the session library.
The fact that those sessions are "empty" (because the user is not logged in) is a little bit irrelevant. You could periodically empty the sessions table (by deleting all sessions with no data) but the amount of space you'll salvage is not that much.
All the above said, if you want to prevent the behavior you're experiencing, instead of destroying the session, just unset its variables so that it becomes empty.
unset ($this->session->userdata);
That way, the user will keep having the same session cookie and the only change is that it'll loose the data it contains in the database, effectively logging the user out.
EDIT: I'm not particularly familiar with CI 2 as all my code is on CI3 now and anything I once had on CI2 is long gone. But it looks like you're going through some unnecesary hoops with the session management rather than fully relying on CI's built-in functionality, which may be a little bit sub-optimal
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
add a comment |
This is not unexpected in CI as Sessions are created/update whenever a visitor accesses anything that uses the session library.
The fact that those sessions are "empty" (because the user is not logged in) is a little bit irrelevant. You could periodically empty the sessions table (by deleting all sessions with no data) but the amount of space you'll salvage is not that much.
All the above said, if you want to prevent the behavior you're experiencing, instead of destroying the session, just unset its variables so that it becomes empty.
unset ($this->session->userdata);
That way, the user will keep having the same session cookie and the only change is that it'll loose the data it contains in the database, effectively logging the user out.
EDIT: I'm not particularly familiar with CI 2 as all my code is on CI3 now and anything I once had on CI2 is long gone. But it looks like you're going through some unnecesary hoops with the session management rather than fully relying on CI's built-in functionality, which may be a little bit sub-optimal
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
This is not unexpected in CI as Sessions are created/update whenever a visitor accesses anything that uses the session library.
The fact that those sessions are "empty" (because the user is not logged in) is a little bit irrelevant. You could periodically empty the sessions table (by deleting all sessions with no data) but the amount of space you'll salvage is not that much.
All the above said, if you want to prevent the behavior you're experiencing, instead of destroying the session, just unset its variables so that it becomes empty.
unset ($this->session->userdata);
That way, the user will keep having the same session cookie and the only change is that it'll loose the data it contains in the database, effectively logging the user out.
EDIT: I'm not particularly familiar with CI 2 as all my code is on CI3 now and anything I once had on CI2 is long gone. But it looks like you're going through some unnecesary hoops with the session management rather than fully relying on CI's built-in functionality, which may be a little bit sub-optimal
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
answered Nov 13 '18 at 11:56
Javier LarrouletJavier Larroulet
1,3381416
1,3381416
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53279996%2fsession-token-changes-in-codeigniter%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Please show us how you destroy your session
– Lithilion
Nov 13 '18 at 11:35
@Lithilion please check the updated code. Thank you
– shellbot
Nov 13 '18 at 11:42
I assume that you destroy the session and data and redirect to a "Logged out" page or the index. Could it be that you start a new session there?
– Lithilion
Nov 13 '18 at 11:48
yes when the user logs out, i redirect user to login page. There when the control flow goes to autoload.php the session library is loaded and in session's construct, another session is started without any data.
– shellbot
Nov 13 '18 at 11:50