CodeIgniter does not work with Chrome: the user is logged out and the ci_sessions table is changed arbitrarily
Posted: 06 November 2012 01:01 PM   [ Ignore ]
Joined: 2012-10-19
11 posts

Hi,

  I’m working with codeigniter 2.1.3 and flexi-auth with this configuration:
Linux
PHP: 5.2.11
MySQL : 5.1.38-log

  As you can see at http://www.flyinglow.es/flyinglow_es-PRODUCCION-CI_2.1.3/
if a user logs in, a simple page refresh (F5) logs the user out.

  It only happens with Chrome!!

  Debugging the code, I see that in Sessions.sess_write() an UPDATE is executed on the ci_sessions table and it works fine: a SELECT that I run right after it shows the correct data in the ci_sessions table.

  But when the login process finishes and the page is shown, the data in the database is incorrect!!

Session.php sess_write()

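// Run the update query: persist last_activity and the serialized custom
// userdata for the row that belongs to the current session id.
$this->CI->db->where('session_id', $this->userdata['session_id']);
$this->CI->db->update($this->sess_table_name, array('last_activity' => $this->userdata['last_activity'], 'user_data' => $custom_userdata));

// Temporary debug trace.
// NOTE(review): this writes the whole session payload to the application log.
// The log output posted with this snippet shows that the payload carries the
// flexi_auth login_session_token and the user identifier, so remove this call
// (or redact the value) before the code runs anywhere the log is shared.
log_message('debug', '**Session sess_write() $custom_data : '.serialize($custom_userdata).' table '.$this->sess_table_name);

// Select for debug: read user_data straight back for the same session id.
// This only confirms what the row holds immediately after the UPDATE above;
// a write made later (for instance by another request that uses the same
// session id) would not be visible here.
$sql_select = array('user_data');

$query = $this->CI->db->select($sql_select)
    ->where('session_id', $this->userdata['session_id'])
    ->limit(1)
    ->get($this->sess_table_name);

$result = $query->row();

// Exactly one row is expected for a session id; anything else aborts the write.
if ($query->num_rows() !== 1)
{
    return FALSE;
}

$db_user_data = $result->{'user_data'};

// Same caveat as above: the value logged here is live session data.
log_message('debug', '**Session sess_write() SELECT $db_user_data : '.$db_user_data);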

log file:

DEBUG 2012-11-06 17:48:18 --> **mysql_driver _UPDATE(...) sql UPDATE `ci_sessionsSET `last_activity` = 1352220251, `user_data` = 'a:4:{s:14:\"prevent_update\";i:0;s:9:\"user_data\";s:0:\"\";s:10:\"flexi_auth\";a:7:{s:15:\"user_identifier\";s:20:\"fltest@gmail.com\";s:7:\"user_id\";s:1:\"7\";s:5:\"admin\";b:0;s:5:\"group\";a:1:{i:1;s:6:\"Public\";}s:10:\"privileges\";a:0:{}s:22:\"logged_in_via_password\";b:1;s:19:\"login_session_token\";s:40:\"67206e1d4a25978017afd36cf1cc935768ab3d7e\";}s:17:\"flash:old:message\";s:61:\"<p class=\"status_msg\">Has iniciado sesión correctamente.</p>\";}' WHERE `session_id` =  'e0330de0379f5e4e981780c3328b60b4'
DEBUG 2012-11-06 17:48:18 --> **mysql_driver _EXECUTE(...) sql UPDATE `ci_sessionsSET `last_activity` = 1352220251, `user_data` = 'a:4:{s:14:\"prevent_update\";i:0;s:9:\"user_data\";s:0:\"\";s:10:\"flexi_auth\";a:7:{s:15:\"user_identifier\";s:20:\"fltest@gmail.com\";s:7:\"user_id\";s:1:\"7\";s:5:\"admin\";b:0;s:5:\"group\";a:1:{i:1;s:6:\"Public\";}s:10:\"privileges\";a:0:{}s:22:\"logged_in_via_password\";b:1;s:19:\"login_session_token\";s:40:\"67206e1d4a25978017afd36cf1cc935768ab3d7e\";}s:17:\"flash:old:message\";s:61:\"<p class=\"status_msg\">Has iniciado sesión correctamente.</p>\";}' WHERE `session_id` =  'e0330de0379f5e4e981780c3328b60b4'
DEBUG 2012-11-06 17:48:18 --> **Session sess_write() $custom_data s:430:"a:4:{s:14:"prevent_update";i:0;s:9:"user_data";s:0:"";s:10:"flexi_auth";a:7:{s:15:"user_identifier";s:20:"fltest@gmail.com";s:7:"user_id";s:1:"7";s:5:"admin";b:0;s:5:"group";a:1:{i:1;s:6:"Public";}s:10:"privileges";a:0:{}s:22:"logged_in_via_password";b:1;s:19:"login_session_token";s:40:"67206e1d4a25978017afd36cf1cc935768ab3d7e";}s:17:"flash:old:message";s:61:"<class="status_msg">Has iniciado sesión correctamente.</p>";}"table ci_sessions
DEBUG 
2012-11-06 17:48:18 --> **mysql_driver _EXECUTE(...) sql SELECT `user_data`
FROM (`ci_sessions`)
WHERE `session_id` =  'e0330de0379f5e4e981780c3328b60b4'
LIMIT 1
DEBUG 
2012-11-06 17:48:18 --> **Session sess_write() SELECT $db_user_data a:4:{s:14:"prevent_update";i:0;s:9:"user_data";s:0:"";s:10:"flexi_auth";a:7:{s:15:"user_identifier";s:20:"fltest@gmail.com";s:7:"user_id";s:1:"7";s:5:"admin";b:0;s:5:"group";a:1:{i:1;s:6:"Public";}s:10:"privileges";a:0:{}s:22:"logged_in_via_password";b:1;s:19:"login_session_token";s:40:"67206e1d4a25978017afd36cf1cc935768ab3d7e";}s:17:"flash:old:message";s:61:"<p class="status_msg">Has iniciado sesión correctamente.</p>";

Data in DataBase, ci_sessions table:

'e0330de0379f5e4e981780c3328b60b4''87.223.230.193''Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4''1352220251''a:2:{s:14:"prevent_update";i:0;s:9:"user_data";s:0:"";}''0' 
 
Posted: 06 November 2012 04:10 PM   [ Ignore ]   [ # 1 ]   [ Rating: 0 ]
Joined: 2012-10-19
11 posts

Hi again,

  More info:

  I write a select in the last line of CodeIgniter.php:

CodeIgniter.php

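/*
 * ------------------------------------------------------
 *  Close the DB connection if one exists
 * ------------------------------------------------------
 */

// Temporary debug trace, added just before the connection is closed.
// NOTE(review): serialize($CI->session->userdata) puts the session id, client
// IP, user agent and the flexi_auth login_session_token into the log (see the
// posted log output). Remove or redact before this runs on a shared host.
log_message('debug', '**CodeIgniter $CI->session->userdata '.serialize($CI->session->userdata));

// Select for debug: fetch the stored user_data for the current session id so
// it can be compared with the in-memory userdata logged above.
$sql_select = array('user_data');

$query = $CI->db->select($sql_select)
    ->where('session_id', $CI->session->userdata['session_id'])
    ->limit(1)
    ->get('ci_sessions');

$result = $query->row();

if ($query->num_rows() !== 1)
{
    // No row (or more than one) for this session id: log it and carry on.
    log_message('debug', '**CodeIgniter.php SELECT with NO results');
    //return FALSE;
}
else {
    $db_user_data = $result->{'user_data'};

    log_message('debug', '**CodeIgniter.php SELECT result $db_user_data : '.$db_user_data);
}

// Stock end-of-request step: close the database connection if one was opened.
if (class_exists('CI_DB') AND isset($CI->db))
{
    $CI->db->close();
}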


/* End of file CodeIgniter.php */
/* Location: ./system/core/CodeIgniter.php */ 


log debug:

DEBUG 2012-11-06 20:56:43 --> File loadedapplication/views/pages/home.php
DEBUG 
2012-11-06 20:56:43 --> Final output sent to browser
DEBUG 
2012-11-06 20:56:43 --> Total execution time0.0723
DEBUG 
2012-11-06 20:56:43 --> **CodeIgniter $CI->session->userdata a:7:{s:10:"session_id";s:32:"2fab71fddad97ff2337e1f9705b088fc";s:10:"ip_address";s:14:"87.223.230.193";s:10:"user_agent";s:106:"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4";s:13:"last_activity";i:1352231790;s:9:"user_data";s:0:"";s:10:"flexi_auth";a:7:{s:15:"user_identifier";s:26:"flyinglowtesting@gmail.com";s:7:"user_id";s:2:"51";s:5:"admin";b:0;s:5:"group";a:1:{i:1;s:6:"Public";}s:10:"privileges";a:0:{}s:22:"logged_in_via_password";b:1;s:19:"login_session_token";s:40:"1dadbfcfa0d5b5db34413beba499691b5aa59eb9";}s:17:"flash:old:message";s:61:"<p class="status_msg">Has iniciado sesión correctamente.</p>";}
DEBUG 
2012-11-06 20:56:43 --> **mysql_driver _EXECUTE(...) sql SELECT `user_data`
FROM (`ci_sessions`)
WHERE `session_id` =  '2fab71fddad97ff2337e1f9705b088fc'
LIMIT 1
DEBUG 
2012-11-06 20:56:43 --> **CodeIgniter.php SELECT result $db_user_data a:3:{s:9:"user_data";s:0:"";s:10:"flexi_auth";a:7:{s:15:"user_identifier";s:26:"flyinglowtesting@gmail.com";s:7:"user_id";s:2:"51";s:5:"admin";b:0;s:5:"group";a:1:{i:1;s:6:"Public";}s:10:"privileges";a:0:{}s:22:"logged_in_via_password";b:1;s:19:"login_session_token";s:40:"1dadbfcfa0d5b5db34413beba499691b5aa59eb9";}s:17:"flash:old:message";s:61:"<p class="status_msg">Has iniciado sesión correctamente.</p>";

But in Database… USER_DATA hasn’t that info !!!

session_id '2fab71fddad97ff2337e1f9705b088fc'
ip_address '87.223.230.193'
user_agent 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4'
last_activity '1352231790'
user_data 'a:1:{s:9:"user_data";s:0:"";}'
prevent_update '0' 

 

 
Posted: 07 November 2012 05:38 AM   [ Ignore ]   [ # 2 ]   [ Rating: 0 ]
Joined: 2012-03-08
168 posts

Hey davidinchi,

I don’t know what the problem is but maybe I can give you some ideas on how to debug it.

The code you posted from the CI session.php file did not seem to include

$this->_set_cookie($cookie_userdata); 

found on line 294. I’ve not properly read the CI code, but I would presume that if this is not defined, the session id used by the database would not be set and would therefore be invalidated on page reload, and so the database value would be removed.

However, this would likely affect all browsers not just Chrome, so just check that the code you have posted DOES work in other browsers.

—————————————————————————-

The version of PHP you are using is still pretty old, maybe upgrading it again to something newer would help?

—————————————————————————-

Other than that, what I would do in this situation is create a temporary installation and start over again with a very minimal setup, including only the absolute essential libraries and models that you need to use.

Then providing the basic setup works, add function after function to your installation trying to replicate the setup you have on your currently broken installation. Keep testing every time you add a new function. Eventually, something will break it, then you have your culprit.

Good luck man!

 Signature 

flexi-auth | A user authentication library for CodeIgniter.
flexi-cart | An e-commerce shopping cart library for CodeIgniter.

 
Posted: 07 November 2012 06:10 AM   [ Ignore ]   [ # 3 ]   [ Rating: 0 ]
Joined: 2012-10-19
11 posts

Thank you @haseydesign,

  Yes, the

$this->_set_cookie($cookie_userdata); 

is in my code, I just published the part where I check the Update on ci_sessions.


  My PHP version was 5.3, but the hosting administrators offered to move me to another server with a different configuration (new Linux, new Apache, new PHP) to test in a new environment, but with no luck.

  Now, I have my application running in dinahosting, 1and1, and two more hosting providers:

* dinahosting does not work: http://flyinglow.hl102.dinaserver.com/flyinglow_es-PRODUCCION-CI_2.1.3/

* 1and1 works with sessions!! but fails when searching with scripts over a third provider API, and their customer support is really really bad. So I have to discard them:  http://s432495308.mialojamiento.es/flyinglow_es-PRODUCCION-CI_2.1.3

* A free and not usefull server (really slow) working with sessions: http://www.konnichiwamundo.com/flyinglow/home

* And other one that I can’t give you the URL now but is not working with sessions. Is the only one that will install XDebug for me.

* In localhost is working fine, so I can’t debug the code to find what is happening.


As you can imagine, I have done lots of tests, some of them coding from the first line, and I’m still confused.


I think the problem comes with the last line in CodeIgniter.php, when the Database is closed:

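// End-of-request step quoted from CodeIgniter.php: close the database
// connection if the DB class is loaded and a connection object exists.
if (class_exists('CI_DB') AND isset($CI->db))
{
    $CI->db->close();
}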

This is the only point where “ci_sessions” can be updated, but there are no SQL statements in it!!

 

 

 
Posted: 07 November 2012 08:28 AM   [ Ignore ]   [ # 4 ]   [ Rating: 0 ]
Joined: 2008-11-04
4420 posts

Most common causes are:
- your hostname is not RFC compliant
- the server time/timezone doesn’t match the clients time/timezone, so the cookie arrives already expired

Most browsers can live with this, but Chrome rejects both.

 Signature 

Me: WanWizard.eu | My company: Exite | Datamapper: DataMapper ORM

 
Posted: 07 November 2012 08:51 AM   [ Ignore ]   [ # 5 ]   [ Rating: 0 ]
Joined: 2012-10-19
11 posts

Hello @WanWizard,

  Do you think http://www.flyinglow.es is not RFC compliant?

  And what is the solution in the second case? Is there a way to solve the time/timezone problem?


  Thanks.

 
Posted: 07 November 2012 09:40 AM   [ Ignore ]   [ # 6 ]   [ Rating: 0 ]
Joined: 2012-01-09
117 posts

Increasing the sess_expiration time to 86400 (24 hours) should help if it’s the second case.

 
Posted: 07 November 2012 12:43 PM   [ Ignore ]   [ # 7 ]   [ Rating: 0 ]
Joined: 2008-11-04
4420 posts

That would indeed help as a quick check.

To fix it, there’s only one solution.

Make sure you know what your server timezone is, make sure your server runs on time (using a time service), and make sure the PHP timezone is set identical to your server timezone. Then on your PC do exactly the same. This is the only way to make sure that a cookie with an expiry of x minutes will arrive at your browser with x minutes to spare…

Reason for this is that communication between server and client happens in GMT. So the server needs to convert from local to GMT, and the PC back from GMT to local. And this conversion process goes horribly wrong if times and/or timezones are not correct.

 Signature 

Me: WanWizard.eu | My company: Exite | Datamapper: DataMapper ORM

 
Posted: 07 November 2012 05:27 PM   [ Ignore ]   [ # 8 ]   [ Rating: 0 ]
Joined: 2012-10-19
11 posts

@Narf Thanks but no, it doesn’t help.

@WanWizard Thanks, I send an email to the administrator to check it.


The problem comes when CodeIgniter closes the database. It executes a DELETE on user_login_sessions and an UPDATE on ci_sessions, doing a logout (I don’t know why).


So my solution is to create two triggers to recover the information.

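-- Workaround trigger from the thread: after each row deleted from
-- user_login_sessions, re-insert that row when some ci_sessions row has a
-- user_data value containing the deleted token and a user_agent containing
-- 'Chrome'. The commas, closing parentheses and the final "DELIMITER ;" that
-- were lost when the listing was posted are restored here.
--
-- NOTE(review): this undoes the removal of login-session rows, so logout and
-- expired-session cleanup no longer take effect for matching sessions, and the
-- match depends on User-Agent, which is a client-supplied value. Treat it as a
-- diagnostic aid while locating the request that issues the DELETE, not as a
-- fix to keep in production.
-- NOTE(review): MySQL does not normally allow a trigger to modify the table
-- its triggering statement is operating on; if that restriction applies here
-- the INSERT raises an error and the DELETE is aborted instead. Verify.
DELIMITER $$

CREATE TRIGGER flyinglow_web.chamullo_user_login_sessions
   AFTER DELETE ON flyinglow_web.user_login_sessions
   FOR EACH ROW
BEGIN
   -- The FROM list has no join condition between the two tables; the test is
   -- only whether any ci_sessions row satisfies both LOCATE() checks.
   IF EXISTS (SELECT NULL
              FROM user_login_sessions, ci_sessions
              WHERE LOCATE(OLD.usess_token, user_data) > 0
              AND LOCATE('Chrome', user_agent) > 0) THEN

       -- Put the deleted login-session row back unchanged.
       INSERT INTO user_login_sessions
       (usess_uacc_fk, usess_series, usess_token, usess_login_date)
       VALUES (OLD.usess_uacc_fk, OLD.usess_series, OLD.usess_token, OLD.usess_login_date);

   END IF;
END;

$$

DELIMITER ;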
-- Workaround trigger from the thread: BEFORE UPDATE on ci_sessions, it puts the
-- previous user_data back into the row when the conditions below hold.
-- NOTE(review): this listing lost characters when it was posted (the commas and
-- closing parentheses of the INSTR(...) calls, the "=" of the SET statements,
-- and the comparison operators and closing parentheses of the IF conditions),
-- so it will not run as shown. The intended comparison operators cannot be
-- recovered from the page.
-- NOTE(review): User-Agent is a client-supplied value, and reverting the write
-- means the UPDATE that clears session data does not take effect for matching
-- rows, which is consistent with the poster's report that logout stops
-- working. Treat it as a diagnostic aid, not as a fix to keep in production.
DELIMITER $$

CREATE TRIGGER flyinglow_web.tmp_ci_sessions
   BEFORE UPDATE ON flyinglow_web
.ci_sessions
   
FOR EACH ROW
BEGIN
   
DECLARE tmp_userdata text;
   DECLARE 
chrome_pos integer;
   DECLARE 
a2_pos integer;
   DECLARE 
a1_pos integer;
   
   
-- Keep the user_data value the row held before this UPDATE.
SET tmp_userdata OLD.user_data;
   
   
-- Position of 'Chrome' in the incoming user_agent (INSTR gives 0 when absent).
SELECT INSTR(NEW.user_agent'Chrome'INTO chrome_pos;
   
-- Position of the text 'a:2' in the old user_data.
SELECT INSTR(OLD.user_data'a:2'INTO a2_pos;
   
-- Position of the text 'a:1' in the new user_data.
SELECT INSTR(NEW.user_data'a:1'INTO a1_pos;
-- The three nested tests compare chrome_pos with 0 and a2_pos / a1_pos with 1;
-- the operators are missing from the listing (see the note at the top).
   IF (
chrome_pos 0THEN
           
IF (a2_pos 1THEN
                
IF (a1_pos 1THEN
-- Discard the incoming user_data and keep the old value.
                       SET 
NEW.user_data tmp_userdata;
                
END IF;          
           
END IF;  
   
END IF;
     
END;
$$ 


With those dirty fixes login works for Chrome, but… logout does not.

So I need another dirty fix:

flexi_auth_lite_model:

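/**
 * Log the current user out (poster's patched copy from flexi_auth_lite_model).
 *
 * Restores the "=", "," and closing brace that were lost when the listing
 * was posted; the statements and their order are unchanged.
 *
 * @param bool $all_sessions Passed through to delete_database_login_session().
 * @return bool Always TRUE.
 */
public function logout($all_sessions = TRUE)
{
    $user_id = $this->auth->session_data[$this->auth->session_name['user_id']];

    // DIRTY FIX
    // Rewrites the stored user_agent of this session before the teardown below.
    // The poster's database triggers only act on rows whose user_agent contains
    // 'Chrome', so presumably this is what lets the DELETE and UPDATE issued by
    // the following calls go through.
    // NOTE(review): logout now depends on this extra write succeeding; if it
    // does not, the triggers keep restoring the login session. Remove it
    // together with the triggers once the real cause is found.
    $this->session->chamullo_user_agent_para_logout();

    // Delete database login sessions and 'Remember me' cookies.
    $this->delete_database_login_session($user_id, $all_sessions);

    // Delete session login data.
    $this->session->unset_userdata($this->auth->session_name['name']);

    // Run database maintenance function to clean up any expired login sessions.
    $this->delete_expired_remember_users();

    return TRUE;
}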


and Session.php:

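/**
 * Overwrite the stored user_agent of the current session row with the fixed
 * string 'C h r o m e' (poster's workaround added to Session.php).
 *
 * That string does not contain the substring 'Chrome', so a LOCATE/INSTR
 * test for 'Chrome' on the stored value no longer matches afterwards.
 * Restores the "=", "," and closing brace lost when the listing was posted.
 *
 * NOTE(review): after this call the stored user_agent no longer describes
 * the real client, so any check that compares it with the request's
 * User-Agent will see a mismatch. Confirm nothing relies on that column
 * before keeping this.
 */
function chamullo_user_agent_para_logout(){
    $newUserAgent = 'C h r o m e';

    // Target only the row of the session that is being logged out.
    $mySessionId = $this->userdata['session_id'];
    $this->CI->db->where('session_id', $mySessionId);

    $this->CI->db->update($this->sess_table_name, array('user_agent' => $newUserAgent));
}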

        

 

 

 
Posted: 08 November 2012 03:37 AM   [ Ignore ]   [ # 9 ]   [ Rating: 0 ]
Joined: 2008-11-04
4420 posts

There is no table called user_login_sessions in CI, so this is an application code issue, not a framework issue.

 Signature 

Me: WanWizard.eu | My company: Exite | Datamapper: DataMapper ORM

 
Posted: 08 November 2012 04:35 AM   [ Ignore ]   [ # 10 ]   [ Rating: 0 ]
Joined: 2012-10-19
11 posts
WanWizard - 08 November 2012 03:37 AM

There is no table called user_login_sessions in CI, so this is an application code issue, not a framework issue.

I’m not sure, the problem comes with the last line in CodeIgniter.php, when database is closed. Two SQL sentences are executed:

DELETE FROM `user_login_sessions` WHERE `usess_uacc_fk` = ‘A USER ID’;
and
UPDATE `ci_sessions` SET `user_data` = ‘a:1:{s:9:“user_data”;s:0:”“;}’

I know it because I create triggers to watch what’s happening.

 

 
Posted: 30 November 2012 10:25 AM   [ Ignore ]   [ # 11 ]   [ Rating: 0 ]
Joined: 2012-11-30
17 posts

I am having a similar issue. All works fine in IE but in FF or Chrome I seem unable to logout.