I am having very weird problem, The sessions in Codeigniter 3.0.3 are not saved for next request. Each time when a request is done, it creates a new session record and doesn't use it next time.
The weird part of it is, it does work on HTTPS version of website, but not HTTP.
The scenario: On the login page of my website, I do an AJAX call (on this call I set some session variables and flashdatas). Once I get success message, I reload page to the profile page.
This whole process don't work when I use HTTP, but HTTPS.
Any help would be appreciated.
EDIT v1: Addition, even CSRF doesn't work over HTTP. I disable it to test the system.
EDIT v2: Code requested by @DFriend
config.php
$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'jupiter';
$config['sess_expiration'] = 0;
$config['sess_save_path'] = "hkr_sessions";
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
$config['cookie_prefix'] = '';
$config['cookie_domain'] = '.jupiter.rjv.me';
$config['cookie_path'] = '/';
$config['cookie_secure'] = TRUE; // PS: tried FALSE version as well, but no change.
$config['cookie_httponly'] = FALSE;
User.php controller
public function login_required() {
if (!$this->logged_in()) {
$this->session->set_flashdata("login_error", "You have to be logged in to see this page.");
$this->session->set_userdata('redirect_back', $this->agent->referrer());
redirectt('/login');
}
}
routes.php
$route['login/required'] = 'user/login_required';
A simple method like this, when I browse to http://domain.ltd/login/required it redirects to http://domain.ltd/login with printing message like "You have to be logged in to see this page.". Once the user logins, it redirects user back to the page previously he/she was.
In my case it does redirect to /login page, but doesn't print out flashdata message.
Here is MY_Controller.php
class MY_Controller extends CI_Controller {
protected $logged_in = NULL;
protected $is_ajax = NULL;
protected $user_id = NULL;
public function __construct() {
parent::__construct();
log_message("DEBUG", "session variables: " . print_r($this->session->all_userdata(), true));
$this->logged_in = $this->session->userdata('logged_in');
$this->is_ajax = $this->input->is_ajax_request();
$this->user_id = $this->session->userdata('user_id');
}
}
As you see, I print out session variables on each request.
Here is the output of the sessions over HTTP request:
DEBUG - 2016-01-03 07:17:27 --> session variables: Array
(
[__ci_last_regenerate] => 1451805447
)
Here is the output of the sessions over HTTPS request:
DEBUG - 2016-01-03 07:19:44 --> session variables: Array
(
[__ci_last_regenerate] => 1451805564
[redirect_back] => https://jupiter.rjv.me/book/1497-sefiller-viktor-mari-huqo
)
I haven't changed any code, just tried on both requests, HTTP and HTTPS. The session outputs are different. One doesn't save, the other does. I hope this would help you to identify the problem.
