Codeigniter Database session fix

For weeks I tolerated the annoyance of CodeIgniter’s Session library logging my out continuously, saying to myself “I works…kind of… ill fix it later”. Eventually the problem started affecting AJAX method calls, large file uploads and simple CRUD operation forms so I began trawling the internet for a fix.

After hours and hours, I found that there was no _reliable_ fix to the database sessions library and that the answer was, DON’T USE DATABASES.

I found this extremely helpful library fix: CI_Native_Session.

php  if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Code Igniter
 *
 * An open source application development framework for PHP 4.3.2 or newer
 *
 * @package        CodeIgniter
 * @author        Dariusz Debowczyk
 * @copyright    Copyright (c) 2006, D.Debowczyk
 * @license        http://www.codeignitor.com/user_guide/license.html
 * @link        http://www.codeigniter.com
 * @since        Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * Session class using native PHP session features and hardened against session fixation.
 *
 * @package        CodeIgniter
 * @subpackage    Libraries
 * @category    Sessions
 * @author        Dariusz Debowczyk
 * @link        http://www.codeigniter.com/user_guide/libraries/sessions.html
 */
class Native_session {
    var $session_id_ttl = 360; // session id time to live (TTL) in seconds
    var $flash_key = 'flash'; // prefix for "flash" variables (eg. flash:new:message)

    function Native_session()
    {
        log_message('debug', "Native_session Class Initialized");
        $this->_sess_run();
    }

    /**
    * Regenerates session id
    */
    function regenerate_id()
    {
        // copy old session data, including its id
        $old_session_id = session_id();
        $old_session_data = $_SESSION;

        // regenerate session id and store it
        session_regenerate_id();
        $new_session_id = session_id();

        // switch to the old session and destroy its storage
        session_id($old_session_id);
        session_destroy();

        // switch back to the new session id and send the cookie
        session_id($new_session_id);
        session_start();

        // restore the old session data into the new session
        $_SESSION = $old_session_data;

        // update the session creation time
        $_SESSION['regenerated'] = time();

        // session_write_close() patch based on this thread
        // http://www.codeigniter.com/forums/viewthread/1624/
        // there is a question mark ?? as to side affects

        // end the current session and store session data.
        session_write_close();
    }

    /**
    * Destroys the session and erases session storage
    */
    function destroy()
    {
        unset($_SESSION);
        if ( isset( $_COOKIE[session_name()] ) )
        {
              setcookie(session_name(), '', time()-42000, '/');
        }
        session_destroy();
    }

    /**
    * Reads given session attribute value
    */
    function userdata($item)
    {
        if($item == 'session_id'){ //added for backward-compatibility
            return session_id();
        }else{
            return ( ! isset($_SESSION[$item])) ? false : $_SESSION[$item];
        }
    }

    /**
    * Sets session attributes to the given values
    */
    function set_userdata($newdata = array(), $newval = '')
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => $newval);
        }

        if (count($newdata) > 0)
        {
            foreach ($newdata as $key => $val)
            {
                $_SESSION[$key] = $val;
            }
        }
    }

    /**
    * Erases given session attributes
    */
    function unset_userdata($newdata = array())
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => '');
        }

        if (count($newdata) > 0)
        {
            foreach ($newdata as $key => $val)
            {
                unset($_SESSION[$key]);
            }
        }
    }

    /**
    * Starts up the session system for current request
    */
    function _sess_run()
    {
        session_start();

        // check if session id needs regeneration
        if ( $this->_session_id_expired() )
        {
            // regenerate session id (session data stays the
            // same, but old session storage is destroyed)
            $this->regenerate_id();
        }

        // delete old flashdata (from last request)
        $this->_flashdata_sweep();

        // mark all new flashdata as old (data will be deleted before next request)
        $this->_flashdata_mark();
    }

    /**
    * Checks if session has expired
    */
    function _session_id_expired()
    {
        if ( !isset( $_SESSION['regenerated'] ) )
        {
            $_SESSION['regenerated'] = time();
            return false;
        }

        $expiry_time = time() - $this->session_id_ttl;

        if ( $_SESSION['regenerated'] <=  $expiry_time )         {             return true;         }         return false;     }          /**     * Sets "flash" data which will be available only in next request (then it will     * be deleted from session). You can use it to implement "Save succeeded" messages     * after redirect.     */     function set_flashdata($key, $value)     {         $flash_key = $this->flash_key.':new:'.$key;
        $this->set_userdata($flash_key, $value);
    }

    /**
    * Keeps existing "flash" data available to next request.
    */
    function keep_flashdata($key)
    {
        $old_flash_key = $this->flash_key.':old:'.$key;
        $value = $this->userdata($old_flash_key);

        $new_flash_key = $this->flash_key.':new:'.$key;
        $this->set_userdata($new_flash_key, $value);
    }

    /**
    * Returns "flash" data for the given key.
    */
    function flashdata($key)
    {
        $flash_key = $this->flash_key.':old:'.$key;
        return $this->userdata($flash_key);
    }

    /**
    * PRIVATE: Internal method - marks "flash" session attributes as 'old'
    */
    function _flashdata_mark()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':new:', $name);
            if (is_array($parts) && count($parts) == 2)
            {
                $new_name = $this->flash_key.':old:'.$parts[1];
                $this->set_userdata($new_name, $value);
                $this->unset_userdata($name);
            }
        }
    }

    /**
    * PRIVATE: Internal method - removes "flash" session marked as 'old'
    */
    function _flashdata_sweep()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':old:', $name);
            if (is_array($parts) && count($parts) == 2 && $parts[0] == $this->flash_key)
            {
                $this->unset_userdata($name);
            }
        }
    }
}
?>

Demos and documentation can be found here

I would thoroughly advise giving it a go as it sorted all of my problems out.

Codeigniter Database, Dariusz Debowczyk, PHP, Sessions, TTL

This entry was posted by Matt on August 23, 2010 at 7:07 am, and is filed under Code Igniter, Web Dev. Follow any responses to this post through RSS 2.0. You can leave a response or trackback from your own site.

Related Posts
Trackbacks (4)
Comments (5)

#1 written by Dalibor Simacek
about 2 years ago

Reply Quote

hello, what kind of problems did you experience? i develop in CI for long and although i noticed some problems with sessions since 1.6 version, it was never too serious. especially since version 1.7.2.

the only thing i noticed (and i’m not sure why is it like that until now) is a problem with SQL provided by CI in user guide for sessions table. there is a column:
…
user_data text NOT NULL,
…
which will cause error in the first session initialization, since it doesn’t have any user_data and tries to insert NULL. i can’t see why nobody else noticed, i’m using mysql 5.1 and innodb.
- #2 written by p3
  about 2 years ago
  
  Reply Quote
  
  This helped me with my mysterious session problem
  Dakujem
- #3 written by Matt
  about 2 years ago
  
  Reply Quote
  
  The main problem was session expiry not working correctly, I.E. sessions being destroyed at random times.
  
  This caused some pretty annoying problems when users are populating lengthy forms and get logged out on submission! – Some fail over techniques were implemented for this!
#4 written by Ganesh
about 2 years ago

Reply Quote

Nice post…Thank you for sharing some good things matt.
#5 written by Chandana Bandara
about 2 years ago

Reply Quote

Thank you Matt. This library is really useful. In my IE8 with the default session plugin in CI 1.7 it gave me a new session ID with every call and this library saved me.

Cheers,
Chandana

Delving into Images with PHP, Exif and ImageSize – the not so secret art

about 2 years ago - 4 comments

Recently I have been tasked with automatically compiling, tagging and indexing images added to an application via FTP. The images had been tagged using Adobe Bridge or Photoshop, anyone with knowledge of Adobe products will be familiar with tagging images. For those who aren’t, you can add descriptions, titles, ratings, keywords and copyrights (to name

Cropping images with CodeIgniter and jQuery

about 2 years ago - 7 comments

The art to having a website with decent imagery is to allow the user/administrator to crop the images. Despite advancing web technologies, I still cannot trust a computer to scale, resize or crop an image without the resulting image being of someones foot. There are certain ‘off-the-shelf’ products, mainly for ASP.net, with very little introduced

Detecting Mobile devices with WURFL and PHP

about 2 years ago - No comments

The Wireless Universal Resource File (WURFL) is an open source device library which describes itself as follows: The WURFL is an “ambitious” configuration file that contains info about all known Wireless devices on earth. Of course, new devices are created and released at all times. While this configuration file is bound to be out of

Integrating PayPal with PHP and IPN

about 3 years ago - 21 comments

PayPal has a huge API reference to integrate it’s services into any website. But from personal experience I found that the theory is far more simple than the practice. There are various methods to implement PayPal’s services including Soap webservices with ‘Express Checkout’ and ‘Website Payment Pro’. This tutorial will focus on ‘Website Payment Pro’

Top 5 must have WordPress plugins

about 3 years ago - No comments

I thought it was high time I released a list of the best plugins that I use with my WordPress installation. So here goes… 1. All in one webmaster This plugin thanks to ArpitShah is a bundle of all the best tracking and analytics solutions available to the web and I would highly recommend it.

Ajax callback validation routines with CodeIgniter

about 3 years ago - 7 comments

The CodeIgniter Form_Validation library is an extremely useful tool especially the ability to extend all core routines. Some validation requires real time PHP & MySQL processing, for example checking an email against those already registered with your site. To use a PHP function to return values to the jQuery validate function, the only important theory

High level search with PHP and Apache Solr

about 3 years ago - 10 comments

When data sets get large and MySQL database querying to search become too load heavy and slow, full indexing is required. Several solutions are available but in this article I will be demonstrating the Apache foundations Solr Java Lucene implementation. For this a Java build will be required. Linux or Mac is less of a