
I have a session and I'm using a database for the sessions. I was using userdata in the session to store the user's name and a "loggedin" flag. I was autoloading the session library so I wasn't having to explicitly load it.

I was using it in both a controller, to check "loggedin," and a view, to display the user's name. This was causing CI_Session to be loaded twice and was causing the session to be destroyed. Both times CI_Session loaded, it tried to update the session and the database; the first one succeeded and the second one failed and destroyed the session.

I believe I was violating the separation between controller and view, and I solved the problem by only using the session library in the controller and passing variables with the user's name into the view.

But my question is: Is the analysis I made correct? Was I violating the separation between controller and view and as long as I don't do this any more I should be fine, or could this probably reoccur in some other scenario?

Note: I tried to ask this question carefully and I'm looking for technical answers, not opinions. I don't want this to become a discussion on this vs that, etc.

Adding code as requested:

Snippet from Controller Admin.php

class Admin extends CI_Controller {
  function __construct() {
    parent::__construct();
    $this->load->model('users');
    $this->id = $this->session->userdata('id');
    $this->authorized = array('waccess' => $this->users->authorizedUser($this->id, 'waccess'),
                              'ceditor' => $this->users->authorizedUser($this->id, 'ceditor'),
                              'uadmin' => $this->users->authorizedUser($this->id, 'uadmin'),
                              'forms' => $this->users->authorizedUser($this->id, 'forms'));

  }
  public function index() {
    log_message('debug', 'Admin->index');
    $this->load->view('framework', array(
      'head' => $this->load->view('head', array('title' => 'Administrator', 'stylesheet' => 'admin.css', 'javascript' => 'jquery-ui-1.8.16.custom.min.js'), true),
      'header' => $this->load->view('headerAdmin', array('active' => 'Home', 'authorized' => $this->authorized), true),
      'body' => $this->load->view('adminHome', '', true),
      'midBody' => $this->load->view('blankMid', '', true),
      'footer' => $this->load->view('footer', '', true)
    ));
  }

Snippets from View adminHome.php

<div id="main">
  <div class="content">
    <h1>Employee Interface</h1>
<? if(!$this->session->userdata('loggedin')): ?>
....
<? else: ?>
    <p>Welcome <?=$this->session->userdata('fname')?> <?=$this->session->userdata('lname')?></p>
<? endif; ?>
    <p>Use the menu above to select the various employee and administrative options available to you</p>
  </div>
</div>

I added a lot of debugging code, but made no other changes to the CodeIgniter code, to see what was going on. Here are the resulting log entries:

DEBUG - 2013-03-04 19:54:31 --> Config Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Hooks Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Utf8 Class Initialized
DEBUG - 2013-03-04 19:54:31 --> UTF-8 Support Enabled
DEBUG - 2013-03-04 19:54:31 --> URI Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Router Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Output Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Security Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Input Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Global POST and COOKIE data sanitized
DEBUG - 2013-03-04 19:54:31 --> Language Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Loader Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Helper loaded: url_helper
DEBUG - 2013-03-04 19:54:31 --> loading: session
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Helper loaded: string_helper
DEBUG - 2013-03-04 19:54:31 --> Database Driver Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session using database
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session matching on [user_agent]: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Updating
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session Data: [ip_address] => 184.4.66.94
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_agent] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Data: [last_activity] => 1362444838
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_data] => 
DEBUG - 2013-03-04 19:54:31 --> Session Data: [id] => 15
DEBUG - 2013-03-04 19:54:31 --> Session Data: [fname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [lname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [email] => t
DEBUG - 2013-03-04 19:54:31 --> Session Data: [loggedin] => 1
DEBUG - 2013-03-04 19:54:31 --> Session Update Completed
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => 7875df72dc94ca7bd149debe69865a2e
DEBUG - 2013-03-04 19:54:31 --> Session Data: [ip_address] => 184.4.66.94
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_agent] => Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session Data: [last_activity] => 1362444871
DEBUG - 2013-03-04 19:54:31 --> Session Data: [user_data] => 
DEBUG - 2013-03-04 19:54:31 --> Session Data: [id] => 15
DEBUG - 2013-03-04 19:54:31 --> Session Data: [fname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [lname] => Test
DEBUG - 2013-03-04 19:54:31 --> Session Data: [email] => t
DEBUG - 2013-03-04 19:54:31 --> Session Data: [loggedin] => 1
DEBUG - 2013-03-04 19:54:31 --> Session routines successfully run
DEBUG - 2013-03-04 19:54:31 --> Controller Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Model Class Initialized
DEBUG - 2013-03-04 19:54:31 --> loading: session
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Database Driver Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session using database
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: b791b771c776ca4166a73424315d1110
DEBUG - 2013-03-04 19:54:31 --> Session matching on [user_agent]: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.97 Safari/537.22
DEBUG - 2013-03-04 19:54:31 --> Session not found, destroying instance
DEBUG - 2013-03-04 19:54:31 --> Session routines successfully run
DEBUG - 2013-03-04 19:54:31 --> Controller Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Admin->index
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/head.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/headerAdmin.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/adminHome.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/blankMid.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/footer.php
DEBUG - 2013-03-04 19:54:31 --> File loaded: application/views/framework.php
DEBUG - 2013-03-04 19:54:31 --> Final output sent to browser
DEBUG - 2013-03-04 19:54:31 --> Total execution time: 0.0793
TheDavidFactor
  • No, there seem to be other errors involved. Can you show us some code? How were you using the session methods? There should be no problem using session calls both in controllers and views. – jtheman Mar 05 '13 at 00:38
  • I would like to add that one of the big reasons I'm asking this question is because I couldn't find any answer to the cause of the problem when I first started having it, and it took me a lot of digging into the CodeIgniter code to figure out what I was doing wrong. – TheDavidFactor Mar 05 '13 at 00:41
  • @jtheman sure, give me a few minutes – TheDavidFactor Mar 05 '13 at 00:42
  • Do you mean your problem went away when you took out the explicit session calls from your views? This is unlikely to be the real reason then. Probably some other syntax was the real cause. – jtheman Mar 05 '13 at 00:43
  • Oh and I can recreate the problem by simply adding `<?=$this->session->userdata('fname')?>` back into the view. – TheDavidFactor Mar 05 '13 at 01:04
  • I wonder who is downvoting you here. I think this is a well elaborated and interesting question. +1 from me! – jtheman Mar 05 '13 at 01:46
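
An added example (not part of the original post and not CodeIgniter code): a small Python triage script for debug logs in the format posted above. It flags any request in which one session load replaced the session ID and a later load in the same request looked up the old ID again, which is the sequence visible in the asker's log. The message strings are copied from that log (some of them come from the asker's own debugging statements); the sample log and its IDs are constructed.

```python
import re
LINE = re.compile(r"^DEBUG - \S+ \S+ --> (.*)$")
# Constructed sample in the log format shown in the question; ids are made up.
SAMPLE_LOG = """\
DEBUG - 2013-03-04 19:54:31 --> Config Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: old-id-0001
DEBUG - 2013-03-04 19:54:31 --> Session Update Completed
DEBUG - 2013-03-04 19:54:31 --> Session Data: [session_id] => new-id-0002
DEBUG - 2013-03-04 19:54:31 --> Session Class Initialized
DEBUG - 2013-03-04 19:54:31 --> Session matching on [session_id]: old-id-0001
DEBUG - 2013-03-04 19:54:31 --> Session not found, destroying instance
DEBUG - 2013-03-04 19:54:32 --> Config Class Initialized
DEBUG - 2013-03-04 19:54:32 --> Session Class Initialized
"""

def split_requests(text):
    """Group log messages per request; 'Config Class Initialized' opens one."""
    requests = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m.group(1) == "Config Class Initialized" or not requests:
            requests.append([])
        requests[-1].append(m.group(1))
    return requests

def analyze(messages):
    """Count session loads in one request and spot lookups of a rotated id."""
    report = {"inits": 0, "rotated": {}, "stale": None}
    current = pending = None
    for msg in messages:
        if msg == "Session Class Initialized":
            report["inits"] += 1
        elif msg.startswith("Session matching on [session_id]: "):
            current = msg.split(": ", 1)[1]
        elif msg == "Session Update Completed":
            pending = current  # the next [session_id] line carries the new id
        elif msg.startswith("Session Data: [session_id] => ") and pending:
            report["rotated"][pending] = msg.split("=> ", 1)[1]
            pending = None
        elif msg.startswith("Session not found") and current in report["rotated"]:
            report["stale"] = current  # old id looked up after it was replaced
    return report

def find_stale_lookups(text):
    """Return the reports of requests that looked up an already-rotated id."""
    return [r for r in map(analyze, split_requests(text)) if r["stale"]]
```

Calling `find_stale_lookups()` on the contents of a log file returns one report per affected request, with the number of session loads and the old-to-new ID mapping.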

1 Answer


Try changing the config setting:

$config['sess_match_useragent'] = FALSE;

My guess is you have either some kind of code in your view, or another script or browser plugin, that messes up the useragent check. This causes the session matching to mismatch, leading to the result `Session not found, destroying instance` as you see, resulting in your errors.

Of course the result of this change is less secure sessions, so if security is a big issue you could look further into what's causing the problem.

You can find info in other posts...

Google Chrome Frame is the cause (by default part of Bootstrap template): Codeigniter sessions being destroyed in IE 10 when changing pages

FirePHP extension is the cause: http://blog.tiger-workshop.com/firephp-firefox-extension-causing-codeigniter-session-lost/

jtheman
  • It doesn't appear to be a problem with the useragent, it actually appears to be more closely related to the ajax problem, but without the cookie issue: [found here](http://stackoverflow.com/questions/7980193/codeigniter-session-bugging-out-with-ajax-calls) – TheDavidFactor Mar 06 '13 at 18:30
  • Well, you showed or told us nothing of an AJAX call inside. Then the problem isn't as linear as it first seemed to me... A good start to get help is to add everything relevant to the question. – jtheman Mar 06 '13 at 20:05