problem with session in codeigniter

Question

hi .

i have this code in my controller

class Upload_center extends Controller 
{
    function __construct()
    {
        parent::Controller();
        $this->load->model('auth_model') ;
        if(!$this->auth_model->authorize())
        {
            redirect('login');

        } 

    }

and i have this code in my view

$('#swfupload-control').swfupload({
    upload_url: "<?=base_url()?>index.php/upload_center/upload",
    file_post_name: 'fileupload',
    file_size_limit : "200000000",
    file_types : "*.zip;*.rar;*.pdf;*.doc;*.docx;*.mp3;*.avi;*.wmv;*.docx;*.jpg;*.jpeg;*.JPG;*.JPEG;*.png;*.gif;*.bitmap;",
    file_types_description : "zip files ",
    post_params: {"PHPSESSID": "<?=$this->session->userdata('session_id');?>"} ,
    file_upload_limit : 1,
    flash_url : "<?=base_url()?>js/jquery-swfupload/js/swfupload/swfupload.swf",
    button_image_url : '<?=base_url()?>js/jquery-swfupload/js/swfupload/wdp_buttons_upload_114x29.png',
    button_width : 114,
    button_height : 29,
    button_placeholder : $('#button')[0],
    debug: false

i want to user upload thier files after login so i have a method needs users to login before proceed to upload files ; although i'm using flash uploader in my view i think it doesn't pass session value and php think user not logged in and redirect him to login page. i send phpsessionid by post but still no goes .

Answer 1

What's your session cookie expiration set to? There is a known bug in CodeIgniter where, if you stay on a page that makes AJAX requets past the cookie expiration, it will reset the session id in the database, but will not be able to set it in the browser cookie because it's an asynchronous request. This causes there to be a disconnect on the next non-asynchronous GET request, leading to the session library calling sess_destroy(). If this sounds like your situation, let me know. Otherwise, provide more detail, please.

Edit: I should, perhaps, also include the fix for this bug here. Create a file in /application/libraries called "MY_Session.php" (if it doesn't already exist). In there you can paste this:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
* Session Class Extension
*/
class MY_Session extends CI_Session {
   /*
    * Do not update an existing session on ajax calls
    *
    * @access    public
    * @return    void
    */
    function sess_update() {
        if ( !isAjax() ){
            parent::sess_update();
        }
    }
}
?>

That isAjax() function is a helper I have in /application/helpers/isajax_helper.php that looks like this:

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
* is_ajax_call
*
* Determines if the current page request is done through an AJAX call
*
* @access    public
* @param    void
* @return    boolean
*/
if ( ! function_exists('isAjax')) {
    function isAjax() {
        return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest';
    }
}
?>

Which is referenced in my config file like this:

$autoload['helper'] = array('otherhelper1', 'isajax', 'otherhelper2');

Answer 2

By default, CI creates a new sessionid in a defined interval. Look at the config to see the default value (I believe it's 5 minutes). So $this->session->userdata('session_id') will always contain a different ID but CI still is able to know who you are.

I ran into the problem for the exact same reason. I know why the CI guys created this session refreshment but I feel like it is making things more complex. You can override this behaviour in your config by simply entering a higher value for the session refresh.

In one of my apps, it looks like this:

$config['sess_expiration']  = 7200;
//$config['sess_time_to_update'] = 300;
$config['sess_time_to_update'] = $config['sess_expiration'];

This way, I'm able to use sessions as I would do without the framework.