Part of the EllisLab Network
CodeIgniter  >   Forum Home  >  CodeIgniter Development Forums  >  Bug Reports  >  Thread
   
 
No “non-persistent” session possibility (one solution)
 
SeViR CW
Posted: 20 November 2006 08:51 AM   [ Ignore ]  
Summer Student
Total Posts:  11
Joined  10-28-2006

For my RSAuth Library I need that session cookies are deleted on Browser exit, so I need that the cookie expiration is null.

In the Session Library and config.php you only can configure some expiration time, or unlimited time (really add 2 years). So I mod the session library adding another possibility, if I set $config[‘sess_expiration’] = -1; (negative seconds) the session cookie is created with null parameter in expiration time (the session cookie expire on browser exit). I only change one line in the Session Library in the function sess_write line 278:

function sess_write()
    {                                
        $cookie_data = serialize($this->userdata);
        
        if ($this->encryption == TRUE)
        {
            $cookie_data = $this->CI->encrypt->encode($cookie_data);
        }

        setcookie(
                    $this->sess_cookie,
                    $cookie_data,
/**HERE**/                 ($this->CI->config->item('sess_expiration') < 0)?null:($this->sess_length + time()),  /***HERE***/
                    $this->CI->config->item('cookie_path'),
                    $this->CI->config->item('cookie_domain'),
                    0
                );
    }

I suggest change the session library base to support “non-persistent” cookies. I would suggest…

1. Another config option: $config[‘is_persistent’] = FALSE / TRUE;
2. In session library constructor ...
  $this->is_persistent = $this->CI->config->item(‘is_persistent’);
3. sess_write function ...

setcookie(
                    $this->sess_cookie,
                    $cookie_data,
/**HERE**/                 ($this->is_persistent)?($this->sess_length + time()):null,  /***HERE***/
                    $this->CI->config->item('cookie_path'),
                    $this->CI->config->item('cookie_domain'),
                    0
                );


¿Another solutions?
Profile
 
 
Oscar Bajner
Posted: 22 November 2006 01:44 PM   [ Ignore ]   [ # 1 ]  
Research Assistant
Avatar
RankRankRank
Total Posts:  472
Joined  09-26-2006

EDIT:
This is not a bug but correct CI behaviour. Suggest this be re-posted to feature request forum.

Hi

This is something I have found would make more sense for the CI session library.
It would be more logically intuitive for a config session expiration of zero to mean
cookie expires on browser exit. (same as PHPSESSION)

I tried your code out and it will work.
However, there are a couple of things to be aware of:

If you change the config sess expiration to -1, there is some code in the session class (lines 103 - 110) which does
the following :

$expiration = $this->CI->config->item('sess_expiration');
        
        if (is_numeric($expiration))
        {
            if ($expiration > 0)
            {
                $this->sess_length = $this->CI->config->item('sess_expiration');
            }
            else
            {
                $this->sess_length = (60*60*24*365*2);
            }
        }


this->sess->length is used elsewhere and if the database is switched on will result in expired sessions only being garbage collected
after two years.

Two:
Browsers like Microsoft IE v 6 Service pack 1 (and possibly others) do not properly expire non-persistent sessions.
If you have access to IE 6 you can test it out yourself, I have and can confirm it.

This can lead to problems, for example, your session is set to expire at browser exit, forcing the user to login again on revisit.
MS IE 6 users will retain the session, and not have to login again, unless you test for time inactive or something.

This thread, Losing session after login discussed another
problem, where someone also modded session.php to allow non-persistent cookie, and had users report unexpected behaviour.

 Signature 

Old programmers never die, they just parse away.
Profile
 
 
SeViR CW
Posted: 24 November 2006 03:19 AM   [ Ignore ]   [ # 2 ]  
Summer Student
Total Posts:  11
Joined  10-28-2006

I continue the thread in the other thread that you point me Losing session cookie after login
Profile
 
 
   
 
 
‹‹ CI error with MySQL query      Input::_sanitize_globals() doesn’t work ››
Post Marker Legend
New Topic New posts Hot Topic Hot Topic with new posts New Poll New Poll Moved Topic Moved Topic Sticky Topic Sticky topic
Old Topic No new posts Hot Old Topic Hot Topic with no new posts Old Poll Old Poll Closed Topic Closed Topic Announcement Announcements
Theme
Change Theme
Visitor Statistics
The most visitors ever was 719, on June 06, 2008 10:16 AM
Total Registered Members: 66429 Total Logged-in Users: 33
Total Topics: 84793 Total Anonymous Users: 4
Total Replies: 455040 Total Guests: 209
Total Posts: 539833    
Members ( View Memberlist )
Newest Members:  Dylan1978X_franbaguasllogocsaturkeyPeter BryanttherendStudioGeorgiaJZeerfedeghe
Active Members:    AlexC33attosbartvdbbema2004swbobbybabooncahvaColin Williamscozzmyncpp643Crucialcuongcntt2002devpediaDionysiusdodmodoktorcivanimegerEmanuel01Georgi VeznevhagakureixxalnxxiLeggyMadZadMossab AlzeenypascalnReijiShazaamThe Dooodetrs21219winterainWTHIGO?xoRiZYsekim
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 2.1.1 (20081028)
Script Executed in 0.9336 seconds
Atom Feed   RSS 2.0