Session logout problems | CodeIgniter Forums

2 of 2

Session logout problems

Stu Green

Posted: 18 May 2009 10:04 AM

[ Ignore ] [ # 16 ]

Lab Assistant

Total Posts: 112

Joined 03-09-2009

Cheers guys i’ll try the profiler

Signature

——————————

Stu,
Huge fan of CodeIgniter and managing director of Haloweb Ltd.

Our stuff:
Free Open Source CMS - Halogy, built on CodeIgniter
Free Invoice Software - Invoice Bubble, built on CodeIgniter
Simple Project Management Software - Project Bubble, built on CodeIgniter

Profile

chandrajatnika

Posted: 12 January 2011 02:04 AM

[ Ignore ] [ # 17 ]

Grad Student

Total Posts: 54

Joined 07-12-2008

I have the same problems… this is my config..

$config['sess_cookie_name']    = 'ci_session';
$config['sess_expiration']    = 7200;
$config['sess_encrypt_cookie']    = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']    = 'login_sessions';
$config['sess_match_ip']    = TRUE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']     = 1800; 

What in the profiler that I should see????

Signature

I’m a PHP Codeigniter programmer from Indonesia, nice to know you ^_^ http://chandrajatnika.com/

Profile

Dan Allen

Posted: 08 February 2012 02:56 PM

[ Ignore ] [ # 18 ]

Summer Student

Total Posts: 4

Joined 02-08-2012

Hi. We have the same problem. Users are logged out randomly. It is not timeout and it is not repeatable by going back to where the logout happened and repeating the operations that preceded the logout. The problem appears random.

The problem started when we implemented database-based CI_Sessions. Prior to that, the random logging out was not happening.

Using the tips above to work through the problem. Will post results.

In the meantime, I wanted to bump this thread, to let others know they are not alone, and in case more information might be available now.

I don’t see any actual solutions yet. I was hoping there would be a known solution to this relatively common but terrible problem.

As always, any comments, questions, suggestions, concerns, etc. will be extremely much appreciated.

Best regards,
Dan

Profile

Dan Allen

Posted: 10 February 2012 02:19 PM

[ Ignore ] [ # 19 ]

Summer Student

Total Posts: 4

Joined 02-08-2012

We solved by working with session configuration variables in two places. No code changes were needed.

Spotting the configuration problem was complicated by my my misunderstanding of how variables in the application/libraries do not necessarily (maybe never) override variables in the application/config. I am still not 100% understanding, but I think we fixed with the settings below.

We traced the problem inside the application/libraries/Session/sess_update()

if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
        {
            log_message('debug', "Session update NO");
            return;
        }
        log_message('debug', "Session update YES");
        ... 

The CI log (and ci_session table) showed the session update was not happening, leading to expiration of the session.

The action of deleting the session records from the DB may have been caused by a combination of too much time on $sess_time_to_update leading to deletion of the record by the garbage collection function. The apparent random occurrence of the logging out would be explained by the random function controlling the frequency of when the garbage collection function is executed.

The specific settings we run for the moment are below. I am sure the $sess_time_to_update could be increased significantly while $sess_expiration could be decreased. We had ours mixed up, so these settings are ultra liberal on not logging people out or nailing them with inadvertent garbage collection.

SETTINGS THAT APPEAR TO WORK

//application/libraries/Session.php
//---------------------------------
    var $sess_expiration            = 10800; 
    var $sess_time_to_update        = 30;
    var $gc_probability             = 5;  // causes garbage collection to run 5% of the time, 
                                          // at random intervals


//application/config/config.php
//----------------------------
    var $sess_expiration      = 10800;
    var $sess_time_to_update      = 30;
    var $gc_probability              = 5; 

SETTINGS THAT DID NOT WORK

//application/libraries/Session.php
//---------------------------------
    var $sess_expiration            = 7200; 
    var $sess_time_to_update        = 300;
    var $gc_probability             = 5;


//application/config/config.php
//----------------------------
    var $sess_expiration     = 0;
    var $sess_time_to_update     = 1500; 

Hope this helps someone down the line.

In the meantime, CI rocks. What else can I say?

Best regards,
Dan

Profile

Dan Allen

Posted: 15 February 2012 09:42 AM

[ Ignore ] [ # 20 ]

Summer Student

Total Posts: 4

Joined 02-08-2012

Dan Allen - 10 February 2012 02:19 PM
The action of deleting the session records from the DB may have been caused by a combination of too much time on $sess_time_to_update leading to deletion of the record by the garbage collection function. The apparent random occurrence of the logging out would be explained by the random function controlling the frequency of when the garbage collection function is executed.

MORE ABOUT FAILURE SEQUENCE AT OUR SITE - WHY RANDOM TIMING?
Session time out was not causing the random logout. Instead, the session would just keep running, even though time had expired. That is because of the imbalanced configuration values were causing checks for expiration to fail (not logout when session time has run out).

The user logout comes when garbage collection comes by to delete expired ci_session records in the database. GC spots expired records, deletes them, knocking the user to the login screen.

The reason the timing appears random, is garbage collection (GC) runs on a schedule that includes a php rand() function. When GC is called, it runs only if rand() generates a number within a certain range.

Profile

InsiteFX

Posted: 15 February 2012 02:33 PM

[ Ignore ] [ # 21 ]

Research Scientist

Total Posts: 5366

Joined 06-19-2009

If you are running CI 2.1.0 then make sure that your session table is correct because they made an update to it awhile back! See below new session table.

-- ------------------------------------------------------------------------

--
-- Table structure for CodeIgniter 2.1.0 `ci_sessions`.
--
DROP TABLE IF EXISTS `ci_sessions`;

CREATE TABLE IF NOT EXISTS  `ci_sessions` (
  `session_id`    varchar(40)           DEFAULT '0' NOT NULL,
  `ip_address`    varchar(16)           DEFAULT '0' NOT NULL,
  `user_agent`    varchar(120)                      NOT NULL,
  `last_activity` int(10)      unsigned DEFAULT 0   NOT NULL,
  `user_data`     text,
  PRIMARY KEY (`session_id`),
  KEY `last_activity_idx` (`last_activity`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci ;

-- ------------------------------------------------------------------------
--  `user_data` text,       COMMENT - maximum length of 65535 characters.
--  `user_data` mediumtext, COMMENT - maximum length of 16777215 characters.
--  `user_data` longtext,   COMMENT - maximum length of 4294967295 characters.
-- ------------------------------------------------------------------------ 

If the table is not correct it will cause logouts…

Signature

Custom Designed Icons, eBook Covers Software Boxes. CD, DVD Etc. New iPhone® Tab Bar Icons and iPhone® Applications Icons.

STOP! Before posting your questions, remember the WWW Golden rule:
What did you try? What did you get? What did you expect to get?

Input -> Controller | Processing -> Model | Output -> View

Profile

Dan Allen

Posted: 15 February 2012 02:35 PM

[ Ignore ] [ # 22 ]

Summer Student

Total Posts: 4

Joined 02-08-2012

Thanks for the heads up and taking time to reply.

It happens we are running CI 1.7.3. Will be back to this when we move to the latest version. Much appreciated.

Profile

InsiteFX

Posted: 15 February 2012 02:38 PM

[ Ignore ] [ # 23 ]

Research Scientist

Total Posts: 5366

Joined 06-19-2009

IE Browsers do not like the under score in the cookie name. I think MS fixed it in IE 9.

Signature

Custom Designed Icons, eBook Covers Software Boxes. CD, DVD Etc. New iPhone® Tab Bar Icons and iPhone® Applications Icons.

STOP! Before posting your questions, remember the WWW Golden rule:
What did you try? What did you get? What did you expect to get?

Input -> Controller | Processing -> Model | Output -> View

Profile

theshiftexchange

Posted: 18 February 2012 08:33 PM

[ Ignore ] [ # 24 ]

Lab Assistant

Total Posts: 237

Joined 05-05-2009

chandrajatnika - 12 January 2011 02:04 AM
I have the same problems… this is my config..
$config['sess_cookie_name'] = 'ci_session'; $config['sess_expiration'] = 7200; $config['sess_encrypt_cookie'] = FALSE; $config['sess_use_database'] = TRUE; $config['sess_table_name'] = 'login_sessions'; $config['sess_match_ip'] = TRUE; $config['sess_match_useragent'] = TRUE; $config['sess_time_to_update'] = 1800;

What in the profiler that I should see????

Turn sess_match_ip to FALSE

I had this exact issue - and after debugging for hours (including watching the DB sessions live) I was able to work out that the IP address of some users was ‘cycling’, and thus destroying the session.

Also - change “ci_session” to “cisession” for the cookie name (no underscores)

Profile

2 of 2

‹‹ How to create RSS feed How default is the default controller ››

Username		Remember Me?
Password		forgot password?