Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Session's problems with Chrome and IE #1726

Closed
Kumidan opened this Issue · 8 comments

5 participants

@Kumidan

I've already read a lot of other posts about this, but I can't yet find a solution which works for me.

On Firefox everythign works fine, on IE9 (I haven't tried other versions, but I suppose it's the same) and Chrome (any of the latest versions) the session doesn't work.
The session_id keeps changing on each page refresh, this is the only data stored into the session

Array ( [session_id] => 969d9d1306bcce9727766275d55b2fb3 [ip_address] => 127.0.0.1 [user_agent] => Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) [last_activity] => 1345196493 [user_data] => )

nothing can be stored in the ['user_data'] key

On the database the entry is generated.

I'm NOT using AJAX

OS: Windows7 64bit

Config settings

if(isset($_SERVER['HTTP_HOST']))
{
$config['base_url'] = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
$config['base_url'] .= '://'. $_SERVER['HTTP_HOST'];
$config['base_url'] .= isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' ? ( ':'.$_SERVER['SERVER_PORT'] ) : '';
$config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
}
else
{
$config['base_url'] = 'http://localhost/';
}

$config['sess_cookie_name'] = 'crdsession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'crd_sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

$config['cookie_prefix'] = "";
$base_url_parts = parse_url($config['base_url']);
$config['cookie_domain'] = $base_url_parts['host'];
$config['cookie_path'] = $base_url_parts['path'];
unset($base_url_parts);
$config['cookie_secure'] = FALSE;

@narfbg
Owner

Your settings seem all OK ... looks like a cookie collision to me. Does it work on the live host or do you have problems on both environments?

@Kumidan

I don't have a live version at the moment, I'm developing the application on my local machine.
I've just tried to delete all the browsing data (cookies, passwords, saved forms' data,.. anything) from both IE and Chrome, but the problem persists.
If I print
print_r($_COOKIE)
IE and Chrome prints an empty array, Firefox prints the cookie correctly.

@Kumidan

I've done another try, I've disabled the session's library autoload and I've put these lines inside a controller's function

session_start();
echo session_id().br();
if( !isset($_COOKIE['test']) ){
setcookie("test", 'my test cookie', time()+3600);
echo 'setting new cookie';
}
echo $_COOKIE['test'];

The 1st time I visit the page the session id and the message "setting new cookie" are shown
the 2nd time the session id remains the same and the message changes to "my test cookie"
at each other refresh both the session id and the message don't change

so the browsers are ok with the cookies' management

@Kumidan

I've just been able to put my project online, it works fine also on IE and Chrome, the problem is only using it in local, maybe it is a problem of domain name.
Anyway this can be closed.

Thanks for the help, I wouldn't have thought to make a try on a live installation wasting a lot of other time.

@Kumidan Kumidan closed this
@edwinmugendi

@narfbg , @Kumidan I have changed my config.php file as instructed. Still the same problem with Chrome but Firefox is working well. Check http://sapama.com
What might be the problem?

@daparky

I also had this problem but only locally.

@blueyestar

I had same issue before but change
$config['sess_cookie_name'] = 'ci_session';
to
$config['sess_cookie_name'] = 'cisession';
solved this issue.
However, when i do an ajax call on a view, cookie session will lost...

@narfbg
Owner

As I've said in my first comment on this thread - this can only be caused by a cookie collision, meaning that there are two cookies with the same name matching the domain that you're trying to access. That's why changing the cookie name (in many cases from ci_session to cisession) has worked for many of you.

@narfbg narfbg referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@narfbg narfbg referenced this issue from a commit
@narfbg narfbg Replace cookie helper set_cookie() with an improved version
as a common function.

Also deprecated CI_Input::set_cookie() which is now an alias
for this new function.

The new function will now replace cookies with the same name
that were already set (either by set_cookie() or the native
setcookie() and header() functions) in the PHP's headers
queue.
This fixes issue #1345 and supersedes PR #1780,
which were aimed at fixing the Session library's behavior
where it sent multiple cookies with the sess_cookie_name
when the session cookie value had changed.

It will now also always send the relatively new Max-Age
cookie attribute (see http://tools.ietf.org/rfc/rfc6265.txt)
and Expire will always be sent as a GMT timestamp, in an
attempt to fix reported issues with Google Chrome (see
issues #1726 and #1908).

Cookies with the Secure attribute that are intended to only
be send by the browser via encrypted connections will no
longer be send if the website is not accessed via HTTPS.

Also, the optional parameters' default values are changed to
NULL instead of actually usable values, so that config_item()
calls are only used if we're sure that the user/developer
didn't set those intentionally.

All usage of the native setcookie() function in CI has been
replaces with set_cookie().
128d719
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.