Problem scenario
If user A logs into the application, the user id is set in the session. After doing some tasks, user A closes his browser and leaves the computer. A short time later, user B comes, opens the browser and sees the application is still in a logged-in state. User B can also open an internal URL, which directly redirects him into the application without any authentication by using the previous session.
My Configuration
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
You can override or set a config item dynamically. Simply look at $config['sess_expire_on_close'] = TRUE;
Whether to make the session expire automatically when the browser window is closed.
Set it to TRUE if the user did not check the remember me checkbox, and the session will expire after the user closes the browser.
And if he checks the remember me checkbox, set $config['sess_expire_on_close'] to FALSE, like:
if($this->input->post('remember')) $this->config->set_item('sess_expire_on_close', '0'); //'remember' is checkbox name.
Now the session will not expire after the browser is closed.
Note: this solution is also tested on Opera, Mozilla, Chrome and IE9.
Try this, maybe it will help you:
/**
 * Escape String
 *
 * @param string
 * @param bool whether or not the string will be used in a LIKE condition
 * @return string
 */
public function escape_str($str, $like = FALSE)
{
    if (is_array($str))
    {
        foreach ($str as $key => $val)
        {
            $str[$key] = $this->escape_str($val, $like);
        }
        return $str;
    }
    $str = is_resource($this->conn_id) ? mysql_real_escape_string($str, $this->conn_id) : addslashes($str);
    // escape LIKE condition wildcards
    if ($like === TRUE)
    {
        return str_replace(array($this->_like_escape_chr, '%', '_'),
            array($this->_like_escape_chr.$this->_like_escape_chr, $this->_like_escape_chr.'%', $this->_like_escape_chr.'_'),
            $str);
    }
    return $str;
}
// --------------------------------------------------------------------
Set in application/config/config.php:
$config['sess_expiration'] = 0;
$config['sess_expire_on_close'] = TRUE;
This should be OK.
Why don't you use the CI session function to do that?
http://www.codeigniter.com/userguide2/libraries/sessions.html
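Added example, not part of the thread and not CodeIgniter's own code: the configuration answers above depend on the browser discarding the session cookie, so a complementary check is an idle timeout that the server enforces on every request from a base controller. The session keys `user_id` and `last_seen`, the 900-second limit and the `auth/login` route are assumptions.

```php
<?php
// application/core/MY_Controller.php (CodeIgniter 2.x).
// Added example. Assumed names: session keys 'user_id' and 'last_seen',
// the IDLE_LIMIT value, and the 'auth/login' route.
class MY_Controller extends CI_Controller
{
    const IDLE_LIMIT = 900; // seconds of inactivity allowed (assumed value)

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');
        $this->enforce_idle_timeout();
    }

    // Runs on every request handled by a controller that extends this class.
    protected function enforce_idle_timeout()
    {
        // userdata() returns FALSE when the item is not in the session.
        if ($this->session->userdata('user_id') === FALSE)
        {
            return; // not logged in, nothing to expire
        }

        // A missing 'last_seen' casts to 0 and is treated as expired.
        $last_seen = (int) $this->session->userdata('last_seen');
        if (time() - $last_seen > self::IDLE_LIMIT)
        {
            // Idle too long: drop the session and ask for credentials again.
            $this->session->sess_destroy();
            redirect('auth/login'); // redirect() ends the request
        }

        // Still active: slide the idle window forward.
        $this->session->set_userdata('last_seen', time());
    }
}
```

The login action has to store `last_seen` together with `user_id`, and a logout action should call `$this->session->sess_destroy()` so that a user who leaves the computer can end the session explicitly.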