Session's problems with Chrome and IE #1726

Kumidan opened this Issue Aug 17, 2012 · 8 comments


None yet

5 participants

Kumidan commented Aug 17, 2012

I've already read a lot of other posts about this, but I can't yet find a solution which works for me.

On Firefox everythign works fine, on IE9 (I haven't tried other versions, but I suppose it's the same) and Chrome (any of the latest versions) the session doesn't work.
The session_id keeps changing on each page refresh, this is the only data stored into the session

Array ( [session_id] => 969d9d1306bcce9727766275d55b2fb3 [ip_address] => [user_agent] => Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) [last_activity] => 1345196493 [user_data] => )

nothing can be stored in the ['user_data'] key

On the database the entry is generated.

I'm NOT using AJAX

OS: Windows7 64bit

Config settings

$config['base_url'] = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ? 'https' : 'http';
$config['base_url'] .= '://'. $_SERVER['HTTP_HOST'];
$config['base_url'] .= isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] != '80' ? ( ':'.$_SERVER['SERVER_PORT'] ) : '';
$config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
$config['base_url'] = 'http://localhost/';

$config['sess_cookie_name'] = 'crdsession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'crd_sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

$config['cookie_prefix'] = "";
$base_url_parts = parse_url($config['base_url']);
$config['cookie_domain'] = $base_url_parts['host'];
$config['cookie_path'] = $base_url_parts['path'];
$config['cookie_secure'] = FALSE;

narfbg commented Aug 17, 2012

Your settings seem all OK ... looks like a cookie collision to me. Does it work on the live host or do you have problems on both environments?

Kumidan commented Aug 17, 2012

I don't have a live version at the moment, I'm developing the application on my local machine.
I've just tried to delete all the browsing data (cookies, passwords, saved forms' data,.. anything) from both IE and Chrome, but the problem persists.
If I print
IE and Chrome prints an empty array, Firefox prints the cookie correctly.

Kumidan commented Aug 17, 2012

I've done another try, I've disabled the session's library autoload and I've put these lines inside a controller's function

echo session_id().br();
if( !isset($_COOKIE['test']) ){
setcookie("test", 'my test cookie', time()+3600);
echo 'setting new cookie';
echo $_COOKIE['test'];

The 1st time I visit the page the session id and the message "setting new cookie" are shown
the 2nd time the session id remains the same and the message changes to "my test cookie"
at each other refresh both the session id and the message don't change

so the browsers are ok with the cookies' management

Kumidan commented Aug 17, 2012

I've just been able to put my project online, it works fine also on IE and Chrome, the problem is only using it in local, maybe it is a problem of domain name.
Anyway this can be closed.

Thanks for the help, I wouldn't have thought to make a try on a live installation wasting a lot of other time.

@Kumidan Kumidan closed this Aug 17, 2012

@narfbg , @Kumidan I have changed my config.php file as instructed. Still the same problem with Chrome but Firefox is working well. Check
What might be the problem?

daparky commented Oct 21, 2012

I also had this problem but only locally.

I had same issue before but change
$config['sess_cookie_name'] = 'ci_session';
$config['sess_cookie_name'] = 'cisession';
solved this issue.
However, when i do an ajax call on a view, cookie session will lost...

narfbg commented Oct 22, 2012

As I've said in my first comment on this thread - this can only be caused by a cookie collision, meaning that there are two cookies with the same name matching the domain that you're trying to access. That's why changing the cookie name (in many cases from ci_session to cisession) has worked for many of you.

@narfbg narfbg added a commit that referenced this issue Dec 1, 2012
@narfbg narfbg Replace cookie helper set_cookie() with an improved version
as a common function.

Also deprecated CI_Input::set_cookie() which is now an alias
for this new function.

The new function will now replace cookies with the same name
that were already set (either by set_cookie() or the native
setcookie() and header() functions) in the PHP's headers
This fixes issue #1345 and supersedes PR #1780,
which were aimed at fixing the Session library's behavior
where it sent multiple cookies with the sess_cookie_name
when the session cookie value had changed.

It will now also always send the relatively new Max-Age
cookie attribute (see
and Expire will always be sent as a GMT timestamp, in an
attempt to fix reported issues with Google Chrome (see
issues #1726 and #1908).

Cookies with the Secure attribute that are intended to only
be send by the browser via encrypted connections will no
longer be send if the website is not accessed via HTTPS.

Also, the optional parameters' default values are changed to
NULL instead of actually usable values, so that config_item()
calls are only used if we're sure that the user/developer
didn't set those intentionally.

All usage of the native setcookie() function in CI has been
replaces with set_cookie().
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment