3

This is a project I inherited, it says: define('CI_VERSION', '3.0-dev'); in CodeIgniter.php. It is an ecommerce site and every once in a while a customer complains they get logged out and their cart contents emptied randomly. This seems to happen over and over again for the same customer on the same day but not for anyone else. The same customer may try again a few days later from the same machine and browser and not have the issue at all. A customer complained about this yesterday and I found 7 different sessions for their IP address on the same day in ci_sessions table. Since I can never reproduce the issue myself I'm having a hard time figuring it out. I've read a number of posts online about CI dropping sessions and I've made all the suggested updates to config values that I found, hoping it would be fixed, only to have another customer complain about the exact same thing again a couple weeks later. If you've encountered this issue before maybe you can suggest some other solution?

Here are some of my config settings:

$config['sess_cookie_name']     = 'pyrocms' . (ENVIRONMENT !== 'production' ? '_' . ENVIRONMENT : '');
$config['sess_expiration']      = 0;
$config['sess_expire_on_close'] = true;
$config['sess_encrypt_cookie']  = true;
$config['sess_use_database']    = true;
// don't change anything but the 'ci_sessions' part of this. The MSM depends on the 'default_' prefix
$config['sess_table_name']      = 'default_ci_sessions';
$config['sess_match_ip']        = true;
$config['sess_match_useragent'] = true;
$config['sess_time_to_update']  = 300;

$config['cookie_prefix']    = (substr_count($_SERVER['SERVER_NAME'], '.') > 1) ? substr($_SERVER['SERVER_NAME'], 0, strpos($_SERVER['SERVER_NAME'], '.')) . '_' : 'default_';
$config['cookie_domain']    = ($_SERVER['SERVER_NAME'] == 'localhost') ? '' : $_SERVER['SERVER_NAME'];
$config['cookie_path']      = BASE_URI;
$config['cookie_secure']    = false;

$config['global_xss_filtering'] = false;
Eric Kittell
  • 41
  • 1
  • 2
  • it doesn't look like any of these config settings changes suggested have helped, I wonder if it's anything to do with the hosting – Eric Kittell Oct 04 '15 at 16:12

2 Answers2

1

A customer complained about this yesterday and I found 7 different sessions for their IP address on the same day in ci_sessions table.

This seems to be the bottleneck since new sessions are created for the user; also results in unseting cart (I guess, the cart is based on $_SESSION which is regenerated/destroyed & created).

Since I can never reproduce the issue myself I'm having a hard time figuring it out.

The client might be using private browsing. Try to clear all cookies from your browser (system) to reproduce it. Related post might help you also: Remembering PHP Session Private Browsing

Still, there are some fuzzy feelings about these two lines. Why don't you increase the sess_expiration to $config['sess_expiration'] = 60 * 60 * 24; and sess_expire_on_close to $config['sess_expiration'] = false;

Community
  • 1
  • 1
sitilge
  • 3,687
  • 4
  • 30
  • 56
  • thanks, but those settings don't seem to help, it still happens occassionally – Eric Kittell Jun 30 '15 at 19:33
  • Have you checked logs? Have you implemented the code above? Also, if it is possible try to politely ask client for his session experience (what is his system settings, browser setting, etc.). – sitilge Jul 01 '15 at 07:12
  • Yes I tried that code, that's what I mean by "those settings" that code sets some settings. Which logs? Apache? PHP? – Eric Kittell Jul 02 '15 at 13:53
0

Try setting $config['sess_match_ip'] = "FALSE".

rink.attendant.6
  • 44,500
  • 61
  • 101
  • 156
Amir
  • 98
  • 1
  • 1
  • 5
  • I changed that a couple weeks ago but it happened again yesterday. – Eric Kittell Jul 29 '15 at 03:22
  • These settings might be the cause: $config['sess_match_ip'] = true; $config['sess_match_useragent'] = true; CI session will check whether the user agent and the user's current IP both matches the ones in the session, if yes, it will assume it's the same person if other set criterias are fulfilled, otherwise, it will cancel the old session (logging the user out) and create a new session as the user will be seen as a new user. – Amir Oct 08 '15 at 12:51
  • both of those settings have been set to false for many weeks now and the problem happened again yesterday. – Eric Kittell Oct 09 '15 at 14:27
  • @EricKittell Which session driver are you using? file or database? Check $config['sess_driver'] in your config file to confirm. – Amir Oct 29 '15 at 13:16
  • I don't have $config['sess_driver'] – Eric Kittell Nov 04 '15 at 02:07
  • the other issue is this is CI3 that was bundled with PyroCMS before CI3 was actually released and they way they integrated it seems a little strange retaining the config and sessions table fields from CI2. – Eric Kittell Nov 04 '15 at 20:51