Topic: Codeigniter sessions problem in IE6

I am having some strange issues with CI’s session class in IE6. I searched through these forums all morning and was not able to find a solution.

Basically all I am trying to do at this point is create a simple session-based login system where the user can sign in and the session stores their username, ID, and a boolean flagging if they are logged in our not:

if($pw == $user['user_pass'])
{
     $newdata = array(
          'user_name'  => $un,
          'logged_in' => TRUE
           );
                
     this->session->set_userdata($newdata);
}

Etc. This is quite simple and I have done it many times before with no problem. My code works like a champion in FF, but for some reason IE6 just doesn’t see the session variables no matter what. When I try to echo out the variables:

 echo $this->session->userdata('logged_in');

it doesn’t error, but they just don’t show up in IE (though they work perfectly in FF, as usual). I’m at least 90% sure this is simply a user agent problem, but I have been fiddling with IE all morning with no results and, like I said, it works perfectly in FF. Has anyone else run into a situation like this or have any suggestions on how I can make these cookies work? Research indicates that IE6 is quirky in the way it handles CI cookies, I’m going to install IE7 and see how it reacts to the code. Any thoughts would be appreciated.

EDIT: I also tried it on IE7 and it does the exact same thing. Are there any CI heads out there, and if so do you have any ideas?

-Rhino

Last edited by Rhino (2007-05-29 10:12:13)

Lord, give us the wisdom to utter words that are gentle and tender, for tomorrow we may have to eat them.   -Rep. Morris Udall

Re: Codeigniter sessions problem in IE6

I have had troubles with session data while using Code Igniter, both in IE and Firefox. it's been a while since I was in the code, but the fix for my problem had to do with the settings in application/config/config.php. sorry I can't be more specific. I also remember that disabling the global xss filtering helped the sessions work reliably.

I ended up using the DB Session library as well.

here's the relevant portion of the last config.php I worked on. maybe you can compare and tweak:

/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean).  Whether to encrypt the cookie
| 'session_expiration'  = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
|
*/
$config['sess_cookie_name']		= 'ci_session';
$config['sess_expiration']		= 7200;
$config['sess_encrypt_cookie']	= TRUE;
$config['sess_use_database']	= TRUE;
$config['sess_table_name']		= 'ci_sessions';
$config['sess_match_ip']		= TRUE;
$config['sess_match_useragent']	= FALSE;

/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   =  Typically will be a forward slash
|
*/
$config['cookie_prefix']	= "";
$config['cookie_domain']	= "";
$config['cookie_path']		= "/";

/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = FALSE;

I might guess that it has to do wtih 'sess_match_useragent' config variable. that and the 'sess_match_ip' determine whether or not to create a new session. I think there are some cases when the user agent is not reported correctly, so Code Igniter creates a new session.

Re: Codeigniter sessions problem in IE6

thanks Dan, that makes good sense. I think part of my problem is / was being caused by using mutiple controllers to build my app. I am building a rather complicated custom CMS and I wanted to break out the code into user admin, content admin, template admin (etc.) and have separate controllers for each. What I'm finding is that session data created in a given controller is only available to that controller, and when you switch controllers CI makes a new session for the new controller (I didn't know that before today; had to learn it the hard way). Therefore I can't make a generic "user" class that contains all the login, logout, register functionality etc. and make calls to it from different top-level controllers. It works fine within the "user" class but as soon as I redirect to the top-level site the session data I just created gets hosed. I supposed I could write a function that pulls the data from ci_sessions based on user name or IP, but I think it's going to be easier to just put all my admin code in one controller.

Anyway, sorry to get all long-winded, I am sort of trying to figure it out as I go along and writing stuff here helps me solidify my thought process for some reason. Thanks for the advice and for taking the time to look; I really appreciate the help.

-Rhino

Last edited by Rhino (2007-05-29 13:00:26)

Lord, give us the wisdom to utter words that are gentle and tender, for tomorrow we may have to eat them.   -Rep. Morris Udall

Re: Codeigniter sessions problem in IE6

OK this is really odd; I have no idea why this happening. Maybe someone out there has an idea.

I changed my config.php based on Dan's advice so it now looks like

/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean).  Whether to encrypt the cookie
| 'session_expiration'  = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
|
*/
$config['sess_cookie_name']		= 'ci_session';
$config['sess_expiration']		= 7200;
$config['sess_encrypt_cookie']	= FALSE;
$config['sess_use_database']	= TRUE;
$config['sess_table_name']		= 'ci_sessions';
$config['sess_match_ip']		= TRUE;
$config['sess_match_useragent']	= FALSE;

I also moved all my login code to a single central controller so that should eliminate any scoping issues. I have been deleting all the rows out of my ci_sessions table and then logging in using different browsers to see how the sessions are created. When I turn on sess_match_ip it works great in FF, but when I access the page with IE it creates like a dozen separate sessions in the table and the variables get hosed again. This is really bizarre...the exact same code is getting executed in each instance and it works fine in FF, but IE completely blows it up. I can echo out the session variable from within the login function but once I go back to the main index function the session stuff disappears in IE.

any thoughts?

-Rhino

Last edited by Rhino (2007-05-29 13:24:17)

Lord, give us the wisdom to utter words that are gentle and tender, for tomorrow we may have to eat them.   -Rep. Morris Udall

Re: Codeigniter sessions problem in IE6

RESOLUTION: http://codeigniter.com/wiki/Native_session/

After some more screwing around I believe I got everything working. After scouring the CI forums all morning I found a much better implementation of session data that actually uses native PHP sessions (instead of the wack CI session cookies that seem to be blowing up all my code in IE). I have some more tweaking to do but so far it works nicely in both browsers.

Hopefully this will help someone...

-Rhino

Lord, give us the wisdom to utter words that are gentle and tender, for tomorrow we may have to eat them.   -Rep. Morris Udall