Question
I'm working on an older application which uses CodeIgniter 2.1.3. During development it runs on a vhost, accessible at http://vhostname/app (which equals xampp/htdocs/project/app).
I copied the live system 1:1 to my development system (with database and everything).
The system uses sessions to store temp data for visitors (e.g. cart). My problem: on my development env the session is destroyed on every refresh. After some testing I found out that it's happening in the system/core/Sessions.php:
// encryption was not used, so we need to check the md5 hash
$hash = substr($session, strlen($session)-32); // get last 32 chars
$session = substr($session, 0, strlen($session)-32);
// Does the md5 hash match? This is to prevent manipulation of session data in userspace
if ($hash !== md5($session.$this->encryption_key))
{
    log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
    $this->sess_destroy();
    return FALSE;
}
But I have absolutely no idea why this is happening and I'm slowly running out of ideas.
The only mentionable difference between live and dev system:
- On the live system the application is embedded via an iframe to a WordPress installation. Hence the URL is not http://vhost/app but http://projectname.com
Update:
At least I've just found the reason why the hash doesn't match the encryption key. I'm including the wp-head.php from WordPress to get access to WordPress functions. But it seems that my sessions "get corrupted" at this point - without the include the session stays alive.
Update 2: Okay, I think I'm getting closer. I tried to compare the session cookies, one with the WordPress-included version and one without. There's actually a big difference:
The cookie with WordPress included:
a:6:{s:10:\"session_id\";s:32:\"8e3b975d0b30f6b229f475b2f03947a0\";s:10:\"ip_address\";s:9:\"127.0.0.1\";s:10:\"user_agent\";[...]
Without WordPress:
a:6:{s:10:"session_id";s:32:"7451cd27e1b45d2c7b8a042ed6b2bf9e";s:10:"ip_address";s:9:"127.0.0.1";s:10:"user_agent";[...]
Where do these quotation marks come from?
Thanks!
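The effect of that escaping on the check quoted above, as an added example that is not part of the original question and not CodeIgniter's own code. It assumes the cookie value is backslash-escaped before the check runs (simulated here with addslashes()); the key, the session data and the HMAC variant are constructed for illustration.

```php
<?php
// Constructed values for illustration; not taken from the application in the question.
$key  = 'example-key-not-a-real-secret';
$data = ['session_id' => str_repeat('a', 32), 'ip_address' => '127.0.0.1'];

// Cookie layout the quoted check expects: serialized payload + 32-char MD5 of payload.key
function make_cookie(array $data, string $key): string
{
    $payload = serialize($data);
    return $payload . md5($payload . $key);
}

// Same logic as the quoted check: split off the last 32 chars and compare.
function verify_md5(string $cookie, string $key)
{
    $hash    = substr($cookie, -32);
    $payload = substr($cookie, 0, -32);
    if ($hash !== md5($payload . $key)) {
        return false; // this is where the session would be destroyed
    }
    return unserialize($payload);
}

// Hardened variant (an assumption of this example, not CodeIgniter 2.1.3 code):
// keyed HMAC-SHA256, constant-time comparison, no object instantiation on unserialize.
function make_cookie_hmac(array $data, string $key): string
{
    $payload = serialize($data);
    return $payload . hash_hmac('sha256', $payload, $key);
}

function verify_hmac(string $cookie, string $key)
{
    $mac     = substr($cookie, -64);
    $payload = substr($cookie, 0, -64);
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return false;
    }
    return unserialize($payload, ['allowed_classes' => false]);
}

$cookie  = make_cookie($data, $key);
$escaped = addslashes($cookie); // every " becomes \" as in the first cookie dump

var_dump(verify_md5($cookie, $key) !== false);                 // untouched cookie
var_dump(verify_md5($escaped, $key) !== false);                // escaped cookie
var_dump(verify_md5(stripslashes($escaped), $key) !== false);  // escaping undone first
var_dump(verify_hmac(addslashes(make_cookie_hmac($data, $key)), $key) !== false);
```

Any integrity check over the raw cookie bytes rejects the escaped payload, whether MD5 or HMAC, so the session is destroyed by the check working as designed rather than by a wrong key.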
Answer 1:
Check your session settings in the config file:
$config['sess_match_useragent'] = TRUE;
If sess_match_useragent is set to TRUE, then set it to FALSE and try.
CodeIgniter checks the user agent each time and returns its value like
Mozilla/5.0 (Windows NT 5.1; rv:13.0a1) Gecko/20120206 Firefox/13.0a1
OR
Mozilla/5.0 (Windows NT 5.1; rv:13.0a1)
and checks it against the cookie. Sometimes it trims user_agent and saves it in the cookie but compares it with the full returned value, which causes this issue.
If you are using the database for saving sessions in CodeIgniter
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
then increase the user_agent column length in the CI_session table.
Source: https://stackoverflow.com/questions/31493871/codeigniter-sessions-keep-getting-destroyed