The problem lies in the fact that IE8 removes the CI session cookie even though the expiration timestamp should prevent this
NOTE: Above happens especially when you would like to use client redirect via: header( “Location: ” ) call instead of following the link click
My solution is to patch one line of the Session::_set_cookie() method in your Session.php:
function _set_cookie($cookie_data = NULL)
{
/* HERE WE HAVE SOME CODE WHICH WE DO NOT TOUCH... */
/* ... WE CHANGE THE setcookie() CALL BY CHANGING THE */
/* THIRD PARAM TO 0 (originally the third parameter */
/* was set to $this->sess_expiration + time() */
// Set the cookie
setcookie(
$this->sess_cookie_name,
$cookie_data,
0, // <--- HERE YOU PLACE THE 0
$this->cookie_path,
$this->cookie_domain,
0
);
}
By patching as described above (third param of setcookie set to 0) we instruct the browser not to delete the cookie until the browser session is finished (so in most cases until the browser is closed).
What we might also want to do is to make sure we have following call somwhere in code of our controller:
$this->session->set_userdata('last_activity' => $this->session->_get_time());
This ensures that the lastActivity (in CI 1.7.2) is updated in database to the current timestamp. Thanks to this CI session will be destroyed after the inactivity time passes (so the “inactivity logout” will still work even though the cookie will not be deleted by the browser..) <- beware however that CI must still execute call to _sess_gc() to destroy the session.. and this call depends on value of $gc_probability.. so when testing this the best is to set the $gc_probability to 100)
NOTE: If you implement this you might want to omit call to $this->session->_get_time() since this is marked as CI private method. In this case write your own method to get the time
