Having problems with the session cookies. I’m getting logged out when just browsing around my sites when logged in. Sometimes (quite rightly) it times out after inactivity. But other times it just logs me out randomly.
This is for a CMS so it needs to allow page inactivity for 20 mins or so (in case they are writing a long page), but then it automatically updates the page every 30 seconds anyway, so there is always activity, but I want the session to stay logged in for 20 minutes before expiring.
I need the optimum, secure configuration for the session cookies - what do people recommend?
Hey not sure what I’m losing to be honest, I’ll have to try and find that out.
To view you’re session data, stick the attatched profiuler in your libs directory and enable the profiler
$this->output->enable_profiler(true);
This makes it so much easier to keep track of what session data you have set when
(I can’t take credit for creating this, but I can;t remember who did)
hi I’m also having trouble with my logout. It does not totally destroy the session coz I did try to paste the url and it seems I can get into without entering my username and password
here’s my code
function logout() { $this->session->sess_destroy(); redirect('login/index'); }
Well, we’d have to see what Auth->CheckAuth() is returning.
2 ways to attack this:
1) The easiest, load up Firebug and watch the sessions tab. Login, then logout and watch for the change in session state.
2) Login, edit your process_login() method to add a print_r($data[‘query’]) statement, logout and you should go back to the process_login(). If it does, in fact, log you back in you will be able to see what was returned in $data[‘query’] and debug from there.
1) The easiest, load up Firebug and watch the sessions tab. Login, then logout and watch for the change in session state.
What? Since when did Firebug get a session tab, I installed the latest version last week and don’t have that
Also, as the sessions in CI are encrypted cookies, would it still work?
What? Since when did Firebug get a session tab, I installed the latest version last week and don’t have that
Also, as the sessions in CI are encrypted cookies, would it still work?
Sorry, I meant the Cookies tab. Encrypted cookies are an option that he has turned off (and of course, you would turn off if you needed to debug something like this). Personally, I leave encryption off until I go production - since it’s just a flick of a boolean, nothing else needs to change in your code.
I didn’t even realise I could turn off cookie encryption… never needed to either (yet)
I prefer to use the profiler extension I mentioned in post [URL=http://codeigniter.com/forums/viewthread/114301/#578581]#5[/URL] which shows me all my session data along with the profiler
