0

Consider this controller method

public function authenticate_session($user, $access_token) {
    $this->output->enable_profiler(TRUE);

    $user = $this->user_model->find_users(array("email" => $user, "access_token" => $access_token), "email, last_activity, access_token");

    if ($user) {
        $this->load->library('session');

        $this->session->set_flashdata('post_data', $this->input->post(NULL));

        redirect("v1/transactions_controller/pay");
    } else {
        redirect("v1/sessions/unauthenticated");
    }
}

And the pay method in the transactions controller

public function pay() {
        $this->output->enable_profiler(TRUE);

        $this->load->library('session');

        var_dump($this->session->flashdata());
}

var_dump($this->session->flashdata()); gives me array(0) { }

I've checked everywhere I know to and everyone seems to be saying that flash_data in the session library is the best option for me. I need to pass those POST parameters from the initial request on to the transactions controller once the user has been authenticated. If I remove the redirect and simply do var_dump($this->session->flashdata()); I see what I expect (POST data from the previous request), but it's not passing after the redirect.

Using redirect("v1/transactions_controller/pay", "refresh"); doesn't seem to actually go to the new controller and instead refreshes in place on the authentication controller method, but I do get to see my flashdata. Am I doing something wrong? Should my server be configured a certain way for this to work properly? I've added session_start() to my index.php, but it threw an error because it's already in the session library, which is loaded by both controllers that need it.

My session and cookie variables in config.php

$config['cookie_prefix']    = '';
$config['cookie_domain']    = 'localhost';
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;

$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = NULL;
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
daraul
  • 174
  • 5
  • 16
  • Do you see anything if you use this in `pay()`? `var_dump($this->session->post_data);` Alternately, try `var_dump($_SESSION);` What do you see? – DFriend Apr 05 '17 at 19:48
  • Just added them, @DFriend. I dumped both variables and I get `NULL` and `array(1) { ["__ci_last_regenerate"]=> int(1491422088) }` respectively. – daraul Apr 05 '17 at 19:55

4 Answers4

1

Your problem is with the session configuration. When using the files driver $config['sess_save_path'] must be set to an absolute path and the permissions need to be set - probably to 0700. The session data is save in files in the folder you set. No files === no session data.

Also, I suggest this one cookie setting change

$config['cookie_domain'] = '';

Since you seem to be needing this throughout your site I recommend autoloading the session library. This is done in the file application/config/autoload.php. Find the $autoload['libraries] item in the file and set it like this.

$autoload['libraries'] = array('session');

Now you do not have to load it in anywhere else in the application.

The comment in the file explain how to load multiple libraries at once.

For security reasons it is recommended to put the session folder outside of the public html files. Create a folder named "sessions" at the same level as your site's root. That is usually the folder where Codeigniter is installed. Set the permissions of this folder to 0700. The owner will probably need to be "www-data". When in doubt, use the same owner at the htdocs folders.

Assuming that htdocs is your root folder put this in the sessions section of config.php. 

$config['sess_save_path'] = substr(FCPATH, 0, strpos(FCPATH, "htdocs/"))."sessions/";

The constant FCPATH is defined by Codeigniter and is the absolute path to your application root - the place where the index.php file is stored. The code strips off "htdocs/" and replaces it with "sessions/". You should be good to go. If your root is not htdocs change "htdocs/" to "yourRootFolderName/" in strpos.

On my testbed server the path defined by FCPATH looks like this

/var/www/htdocs/

So the sessions folder is at

/var/www/sessions/

If you're using WAMP or similar stack on a Windows machine FCPATH might look more like this.

C:\wamp\www\htdocs\
DFriend
  • 8,869
  • 1
  • 13
  • 26
  • I've set `$config['sess_save_path'] = 'sessions';`, but I'm not sure that's correct. Could you give me an example absolute path for this? – daraul Apr 05 '17 at 21:05
  • While I do that [read this](https://www.codeigniter.com/user_guide/libraries/sessions.html#files-driver) – DFriend Apr 05 '17 at 21:10
  • BTW, `$config['sess_save_path'] = 'sessions';` won't work because **only absolute paths are supported** for `$config['sess_save_path']`. – DFriend Apr 05 '17 at 21:37
  • I ended up figuring the path out myself, but the problem still persists. I've got `$config['sess_save_path'] = '/var/www/html/ci_sessions';`, now and I still get nothing from `var_dump($this->session->flashdata('post_data'));` I've also added `$this->session->keep_flashdata('post_data');` to my sessions controller, but that isn't helping either. – daraul Apr 05 '17 at 21:43
  • Do you see files being written to the sessions folder? – DFriend Apr 05 '17 at 21:52
  • Yes, files are being created in the folder, but I'm seeing a new file created after the redirect. CI creating an entirely new session after I redirect. Should I have done something to avoid this? – daraul Apr 05 '17 at 21:53
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/140016/discussion-between-dfriend-and-daraul). – DFriend Apr 05 '17 at 21:55
1

You need to create a path for your sessions

https://www.codeigniter.com/user_guide/libraries/sessions.html#session-preferences

Change 

$config['sess_save_path'] = NULL;

To something like below and Make sure you set permission 0700

$config['sess_save_path'] = APPPATH . 'cache/sessions/';

Codeigniter path functions definitions

EXT: The PHP file extension

FCPATH: Path to the front controller (this file) (root of CI)

SELF: The name of THIS file (index.php)

BASEPATH: Path to the system folder

APPPATH: The path to the "application" folder

Also to keep flash data 

$this->session->keep_flashdata('item');
$this->session->keep_flashdata(array('item1', 'item2', 'item3'));

And codeigniter session tempdata

https://www.codeigniter.com/user_guide/libraries/sessions.html#tempdata

$config['cookie_domain'] = '.localhost';
Community
  • 1
  • 1
0

CodeIgniter supports "flashdata", or session data that will only be available for the next server request, and are then automatically cleared.

as the very first thing, which obviusly means that you need to do a new server request. A redirect, a refresh, a link or some other mean to send the user to the next request.

Why use flashdata if you are using it in the same request, anyway? You'd might as well not use flashdata or use a regular session.

Amarjeet Chahal
  • 270
  • 3
  • 14
  • I saw this exact answer here: http://stackoverflow.com/a/13109716/3403924 The answer is, that this isn't single function in a single controller method. I need this flow to be reproducible and reusable across my entire application. Rewriting the exact same set of code everywhere I need it seems silly if the session library and flash_data seem able to do exactly what I need to do. – daraul Apr 05 '17 at 19:57
0

As with most things that make no sense, I found there was just a small mistake that needed rectifying: I needed to set my base_url() in config.php;

$config['base_url'] = 'http://localhost/my_ci_site';

daraul
  • 174
  • 5
  • 16