1

I have a counter refreshed serverside with an AJAX request. I run this timer every minute.

My session timeout has to be 2 hours, therefore here is my config.php file :

$config['sess_driver']              = 'files';
$config['sess_save_path']           = '/var/lib/php5/sessions';
$config['sess_cookie_name']         = 'ci_session';
$config['sess_expiration']          = 60*60*2;
$config['sess_match_ip']            = FALSE;
$config['sess_table_name']          = 'ci_sessions';
$config['sess_time_to_update']      = 60*5;
$config['sess_regenerate_destroy']  = FALSE;

The counter updater prevent my session from expiration. How can I prevent a controller action from renewing the session timeout ?

[EDIT]

Here is a try to extend Session Class. This try looks good but I wait for tests review. feel free to read and comment ;-) :

if (
    ($regenerate_time = config_item('sess_time_to_update')) > 0
)
{
    if ( ! isset($_SESSION['__ci_last_regenerate']))
    {
        $_SESSION['__ci_last_regenerate'] = time();
    }
    elseif ($_SESSION['__ci_last_regenerate'] < (time() - $params['expiration']))
    {
        $this->sess_destroy();
    }
    elseif ($_SESSION['__ci_last_regenerate'] < (time() - $regenerate_time))
    {
        if (get_instance()->uri->segment(2) != "refreshTaskCount") {
            $this->sess_regenerate((bool)config_item('sess_regenerate_destroy'));
        }
    }
}

// Another work-around ... PHP doesn't seem to send the session cookie
// unless it is being currently created or regenerated
if (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
{
    if (get_instance()->uri->segment(2) != "refreshTaskCount") {
        setcookie(
            $this->_config['cookie_name'],
            session_id(),
            (empty($this->_config['cookie_lifetime']) ? 0 : time() + $this->_config['cookie_lifetime']),
            $this->_config['cookie_path'],
            $this->_config['cookie_domain'],
            $this->_config['cookie_secure'],
            TRUE
        );
    }
}
Nicolas Thery
  • 2,319
  • 4
  • 26
  • 36
  • Try setting [`sess_time_to_update` to zero](http://www.codeigniter.com/user_guide/libraries/sessions.html#session-preferences) so that your session does not automatically renew itself. – Sparky Jun 13 '16 at 22:53
  • I want it to renew with normal queries, I want to have a special behaviour with this special action. – Nicolas Thery Jun 13 '16 at 22:58
  • Possible duplicate of [Codeigniter session bugging out with ajax calls](http://stackoverflow.com/questions/7980193/codeigniter-session-bugging-out-with-ajax-calls) – Rooster Jun 13 '16 at 23:05
  • Then why not simply look at the session's timestamp every time you do an Ajax request and if the timestamp is older than `$config['sess_expiration']`, destroy it? – Sparky Jun 13 '16 at 23:05
  • 1
    @Rooster, that question is from 2011. Since then, CodeIgniter 3.0 has been released with a re-written Session class. – Sparky Jun 13 '16 at 23:08
  • @Sparky, Two things : First, If the timestamp is not expired then the request itself will renew this session, the next request will never get an expired session. By the way, how to read the session timestamp ? Secondly, I still want to get session renew as the user navigates the application with other requests. – Nicolas Thery Jun 13 '16 at 23:18
  • Perhaps there is still a clever way of doing it: [*"Any piece of information from the session array is available through the `$_SESSION` superglobal"*](http://www.codeigniter.com/user_guide/libraries/sessions.html#retrieving-session-data). – Sparky Jun 14 '16 at 00:13
  • Otherwise, you'll have to extend CodeIgniter's Session class with a custom function that ignores all ajax requests. Similar to the answer linked by @Rooster. – Sparky Jun 14 '16 at 00:16
  • @Sparky I updated my question with a Session extend try. I don't ignore ajax as my whole application uses AJAX. That's why I even commented the ajax bypass for session regeneration. Moreover I keep sending the cookie, even with ajax – Nicolas Thery Jun 14 '16 at 00:18
  • Please edit your question further to explain what went wrong with your attempt at extending the Session class. – Sparky Jun 14 '16 at 00:21
  • At the moment nothing's wrong ... I wait for tests because dealing with timeouts is tricky – Nicolas Thery Jun 14 '16 at 00:21
  • The code comment you left out just above that block on line 142 is `// Is session ID auto-regeneration configured? (ignoring ajax requests)`. – Sparky Jun 14 '16 at 00:24

0 Answers0