is there any known bug in session lib of codeigniter 2 1 0 why do i get kicked

is there any known bug in session lib of codeigniter 2 1 0 why do i get kicked  using -'php,codeigniter,codeigniter-2'

im working on a website which is created with CI 2.1.0.

the thing i’ve notice is sometimes when i reload a page couple of times or open couple of pages very fast or when i vahe a error in the code (these errors are not related to sessions ) i get logged out .

this website is using a lib called Ion_authand for identifications

public function logged_in()
  $identity = $this->ci->config->item('identity', 'ion_auth');
  return (bool) $this->ci->session->userdata($identity);

is there a bug or something that i should know about ?

$config['sess_cookie_name']  = 'cisession';
$config['sess_expiration']  = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name']  = 'cisession';
$config['sess_match_ip']  = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

in this website sessions get updated almost in every page

asked Sep 15, 2015 by ShoWeiland
0 votes

2 Answers

0 votes

so here is what i found

there is a bug in the session lib of codeigniter which destroyes the session with rapid requests

here you an find more about this bug

this bug still exist in latest stable version which is 2.1.3

i've fixed this by replacing my session lib with the one from CI3-DEV from the github

and putting a long sess_expiration and sess_time_to_update in my config .... mine are 86400 and 86500

answered Sep 15, 2015 by GerFarleigh
0 votes

Codeigniter saves session data in cookies. If session data has any special character which unsets the cookie, the session is also destroyed.

It also creates few more problem of size limit. Cookie can save limited size of data depending upon browser, if you try to store more data in codeigniter session, and as CI tries to save it in cookie, it may not save more than that limit.

Also as the cookie is sent over the network, it unnecessarily adds traffic on network. All session data should not be saved in cookie.

Its better to use native session library. It uses PHP's native session.


You can compare both.

Please refer CI session documentation for how CI stores session data.

answered Sep 15, 2015 by AlbertDearin