Session ID is changing in CodeIgniter

Question

I am using the session feature of CodeIgniter, and I'm running this code:

$session_id = $this->session->userdata('session_id');
echo "My Session ID is $session_id";

And it keeps changing every time I load the page. Does this mean that sessions are not being saved properly? Is there any way to debug this and find out why? Or am I not using this library correctly?

I don't get any errors when I enable error reporting, and I'm using the autoload ability of CI to load the session library:

$autoload['libraries'] = array('session');

Any advice would help thanks!

Example Output of the Code above:

My Session ID is 7c92bac53d2654df6e87eb4e4cb25467

.. reload ..

My Session ID is c6dd14aed2499760f788a1364dcab030

UPDATE: My session configurations inside config.php look like this:

$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

So I have found that

session_start();
$_SESSION['myvar']='var';

doesn't store anything either, something seems to be wrong with the session storage on my linux server.

My session save path has apache:apache 775 permissions. Perhaps this should be moved to serverfault?

Could be an in-built session fixation prevention mechanism though it sounds a bit extreme changing it on each request — Phil, Aug 08 '11 at 02:34
@AlienWebguy Thanks for the response, I updated my question with the session configuration, I'm not using a DB — Doug Molineux, Aug 08 '11 at 03:00
@Phil, sorry I'm not familiar with in-built session fixation prevention mechanisms — Doug Molineux, Aug 08 '11 at 03:44
@Pete Are you using [Native Session](http://codeigniter.com/wiki/Native_session/) or another alternative session library? For more information on session fixation, see http://en.wikipedia.org/wiki/Session_fixation — Phil, Aug 08 '11 at 03:50
@Phil, Thanks for the read, I think I understand, so the changing of the Session ID maybe be intentional for security reasons. however I can't store anything in the session. I am using Native Session — Doug Molineux, Aug 08 '11 at 04:05
Hi, did you fix that problem? Answer doesn't help to solve the problem with session values saving. — Oleksandr IY, Apr 09 '18 at 18:27

laurent · Accepted Answer · 2017-07-01T10:16:05.493

16

According to CI's Session.php, the ID is changed on every update, but they keep a reference to the old ID so that they can update it right row.

Also, according to the doc: "session_id" is regenerated (by default) every five minutes".

Is there any reason why you need to access "session_id"? If you need some sort of fixed ID, you should create your own "my_session_id", that way it won't change between request.

$uniqueId = uniqid($this->CI->input->ip_address(), TRUE);
$this->session->set_userdata("my_session_id", md5($uniqueId));

edited Jul 01 '17 at 10:16

answered Aug 08 '11 at 04:22

laurent

88,262
77
290
428

Thanks for the answer Laurent, I have found that even the normal session array isn't working properly on the server, I just thought that the session id would indicate which session the current user was in. But obviously my problems are deeper than that – Doug Molineux Aug 08 '11 at 04:36

score 2 · Answer 2 · answered Aug 03 '17 at 16:58

2

By replacing the directory system/libraries/ session per the most recent version (from the CI website), the problem will be solved. There were several bugs in the session libraries of CI and they are already resolved.

answered Aug 03 '17 at 16:58

louk

97
6

score 1 · Answer 3 · edited Dec 22 '15 at 14:37

1

@this.lau

You could mention the link of the file will be useful for the beginners.

i.e. CodeIgniter/system/libraries/Session.php

edited Dec 22 '15 at 14:37

Caleb Kleveter

11,170
8
62
92

answered Dec 22 '15 at 13:32

Techappri

29
9

score 1 · Answer 4 · answered Oct 01 '17 at 14:52

1

Changing session_id is normal in CI. But I had a problem. Session values were not saving, not persistent only in CI.

I fixed it by updating Codeigniter to the latest version, which is currently 3.1.6.

answered Oct 01 '17 at 14:52

Jeff

524
5
17

score 0 · Answer 5 · answered Jun 17 '14 at 09:38

One possible issue that you can have i described here: https://github.com/EllisLab/CodeIgniter/issues/3108

The thing is stupid as it can be. If you set cookie name with dots it will regenerate session id every time you reload the page. And of course, you would not be able to keep any user specific data!

Nilesh Borse · Answer 6 · 2015-02-18T05:30:50.050

0

If you don't want to update session on every five minutes do the following changes.

go to the session.php file in the System/libraries/Session.php and set all parameters like public $sess_encrypt_cookie;public $sess_use_database;... to blanks It's working for me

edited Feb 18 '15 at 05:30

answered Feb 18 '15 at 05:10

Nilesh Borse

51
1
12

I think changing the session update from the default five minutes is more easily accomplished by changing the config.php value to something other than 300 (60 seconds x 5 minutes): $config['sess_time_to_update'] – jmmygoggle Mar 06 '17 at 18:42

Session ID is changing in CodeIgniter

6 Answers6