I'm working on a website which is created with CodeIgniter 2.1.0.
I've noticed sometimes when I reload a page couple of times or open a couple of pages very fast or when I have an error in the code (these errors are not related to sessions) I get logged out.
This website is using a library called Ion_authand for identifications:
public function logged_in()
{
$identity = $this->ci->config->item('identity', 'ion_auth');
return (bool) $this->ci->session->userdata($identity);
}
Is there a bug or something that I should know about?
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'cisession';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
On this website, sessions get updated almost on every page.
Here is what I found:
There is a bug in the session library of CodeIgniter which destroys the session with rapid requests.
Here you can find more about this bug:
https://github.com/EllisLab/CodeIgniter/issues/154
This bug still exist in the latest stable version which is 2.1.3.
I've fixed this by replacing my session library with the one from CI3-DEV from GitHub:
https://github.com/EllisLab/CodeIgniter/blob/b211adee89f5fd2192051e9c0826146bd150f469/system/libraries/Session.php
And putting a long sess_expiration and sess_time_to_update in my configuration ... mine are 86400 and 86500.