1

I'm using Codeigniter/PyroCMS which uses ion_auth.

I have my session stuff set for two hours. I'm using db sessions.

There is a gremlin somewhere that is booting the session after n minutes, sometimes. It is very random, and as such is hard impossible to reliably reproduce.

I've added log entries to the Session class (specifically sess_destroy) but that merely logs the session being destroyed, which I already knew.

I tried to add a debug_backtrace() into said log entry, but that aint jiving with teh codes (it doesn't get logged/it spits it onto the screen for a split second before the !session redirect).

Is there a good/proper way to track this down?

Thanks guise.

update: I added a few more log entries in Session.php Turns out the db session is being deleted/overwritten incorrectly. WHAI?

stormdrain
  • 7,915
  • 4
  • 37
  • 76

3 Answers3

1

This seems a problem quite common. I have used (and happily accepted as recommendation) Codeigniter's Native session (there is a download link at the bottom)

BUT, due that it is an old library you MUST made some hacks. You can check those simple hacks in the library's forum

Just drop this file in codeigniter's library directory and see if resolve your problem. Please feedback.

Igor Parra
  • 10,214
  • 10
  • 69
  • 101
  • Problem is the framework I'm using (PyroCMS) depends on ion_auth. Thanks. – stormdrain Jan 27 '12 at 14:54
  • @stormdrain I have used pyrocms to build a big site `r.gd` Precisely in that framework I used the library I talked about it. Did you tried it? The problem was the same: unstable sessions. – Igor Parra Jan 28 '12 at 13:36
  • Interesting. Did the site incorporate the pyro admin panel? I thought the functionality in there was closely tied to ion_auth (new/edit users, etc). Thanks again. – stormdrain Jan 28 '12 at 13:41
  • @stormdrain Yes, the site use the pyro admin panel for admins. And yes, pyro is very tied to ion_auth (with many hacks of `phil`) But this `session` library is transparent to it. – Igor Parra Jan 28 '12 at 15:05
  • Updated Native Session link here: https://github.com/EllisLab/CodeIgniter/wiki/Native-session The forum link doesn't work for me either. Are the hacks necessary the same ones described at the bottom of the above link? – Mala Mar 26 '14 at 15:43
0

Sounds like your session cookie is prematurely expiring. Start by checking the settings in your config file for your session related stuff. Namely the $config['sess_expiration'] value, which defaults to 7200. Which is 2 hours.

Then check your php.ini, which I believe defaults to 3600. (1 hr)

Otherwise, I would say that if your code is on a unix system, try a

grep -Rn 'sess_destroy' .

The other thing you might want to look for is anyplace that is attempting to possibly write NULLs or empty values to the session. It's possible that you don't have a sess_destroy anywhere, but that you could have something to the effect of unset($_SESSION).

Hope this helps.

Skittles
  • 2,866
  • 9
  • 31
  • 37
  • It's not expiring early as a result of some cofiguration as then it would be expiring consistently after `n` time. Session expiration is set in the config to two hours. php.ini is configured correctly. – stormdrain Jan 27 '12 at 14:56
  • Do you have a cron job running that perhaps is doing some sort of work related to the /tmp directory where sessions are stored? If those session files are being deleted then say goodbye to any active sessions regardless of expiration. – Skittles Jan 28 '12 at 03:16
  • No. According to more logs, the db session is being deleted (or a new session initiated which isn't authenticated. I grepped around and did not find any $_SESSION candidates for my problem. I also added logging to all sess_destroy()'s, and saw that it's called when the db session goes missing, but can't find what is deleting said db session. Thanks. – stormdrain Jan 28 '12 at 13:45
0

It appears to have been an issue with the server and resolve.conf mapping things incorrectly.

stormdrain
  • 7,915
  • 4
  • 37
  • 76