Codeigniter session data lost after redirect

Question

I am using codeigniter 2.1.0.

I am trying to do a register/login function using the session library in the codeigniter.

The register/login with the session library worked fine for localhost, but when I put it live and tried it, the session does not work.

My controller login works this way. I check the credentials, once ok I set my session data and redirect to another page.

$user_data = array(
                   'username'       => $result->user_name,
                   'email'          => $result->user_email,
                   'userid'         => $result->user_id,
                   'role'           => $result->user_role,
                   'login_state'    => TRUE,
                   'lastlogin'      => time(),
               );

$this->session->set_userdata($user_data);           
print_r( $this->session->all_userdata());            
redirect(base_url('dashboard'));

at this point here when I print all my session data, they do print out. But at the dashboard controller side, when i attempt to print the session data out, they were not there anymore.

Any idea why? Thanks in advance for the help.

Answer 1

if you are working in CI 3.x and just upgraded your server php version to php 7.x

Go to system/libraries/Session/session.php at Line no 281 and replace ini_set('session.name', $params['cookie_name']); by ini_set('session.id', $params['cookie_name']);

Answer 2

I'm not sure what exactly is the problem. Recently I faced this too..

It was working before in my development running php7.0.

Currently it is only working in my production server running nginx and php 5.6. My development server seems to be not working and keeps on regenerate new row in sessions table. My development server is using php7.1, on homestead virtualbox development environment, usually being used for Laravel projects.

I managed to get over this by taking this step.

1) Go to system/libraries/Session/Session.php

2) Comment session_start() by adding //. We want to relocate the sessionn_start().

3) Go down to line 315 where it says Security is king, and comment out until line 351

4) Then go to your main index.php ( the root index.php )

5) Add session_start() at the top once.

6) Okay try again. Hopefully it works. My guess is that it is not working with php 7.1 and some update need to be done in this Session.php file.

7. My CI Version is 3.1.1

Answer 3

Go to

system/libraries/Session/session.php

at Line no 281 and replace

ini_set('session.name', $params['cookie_name']); 

by

ini_set('session.id', $params['cookie_name']);

Answer 4

PHP 7 Upgrade - * Known SESSION / COOKIE Bug

This answer addresses the known session/cookie bug - when you upgrade to PHP7 from PHP 5.

If your CodeIgniter version is @ 3.1.0 or below - and you are upgrading to PHP 7.1 - You will need to update CodeIgniter.

There is a bug with $this->session->set_userdata(); - that can be pretty annoying. It will overwrite your session as soon as you redirect or visit another page within your site structure.

---

Some other discussions about the bug: https://github.com/bcit-ci/CodeIgniter/issues/4830

*Save some time and see post by See post "dyanakiev commented on Oct 23, 2016" -

"Just to confirm: Everything works perfect with 3.1.1, no more problems with sessions. 👍 Good job! 💃"

---

See upgrade instructions here: https://www.codeigniter.com/use …/installation/upgrading.html

Latest CodeIgniter Download here: https://codeigniter.com/download

*I can also confirm this as well:

Updating codeigniter to 3.1.6 fixed the session problem immediately - that had occurred after I updated server to PHP 7.1.*

Answer 5

Maybe you not automatic load library session.

Have you try this in controller dashboard:

$this->load->library('session');
print_r($this->session->all_userdata());

Answer 6

In My case, after some tests (with https and http in localhost) the error comes for that issue and not having properly set the $config['cookie_secure'], so you can try changing in config.php:

$config['cookie_secure']    = FALSE; // if is not under https, or true if you use https

Cheers!

Answer 7

This is an addition to "edelweiss" answer but I feel like it require more attention and hence posting as answer.

CI 2.1 is infamous to have session related problems. It is better we replace the built-in Sessions.php file with the one below.

The link given by "edelweiss" is broken. The Session.php file he mentions is:

<?php  if (!defined('BASEPATH')) exit('No direct script access allowed');
//>  makes dw cs4 happy
/**
* Session class using native PHP session features and hardened against session fixation.
*
* @package     CodeIgniter
* @subpackage  Libraries
* @category    Sessions
* @author      Dariusz Debowczyk, Matthew Toledo
* @link        http://www.philsbury.co.uk/index.php/blog/code-igniter-sessions/
*/
class CI_Session {
    var $flashdata_key     = 'flash'; // prefix for "flash" variables (eg. flash:new:message)
    function CI_Session()
    {
        $this->object =& get_instance();
        log_message('debug', "Native_session Class Initialized");
        $this->_sess_run();
    }
    /**
    * Regenerates session id
    */
    function regenerate_id()
    {
        // copy old session data, including its id
        $old_session_id = session_id();
        $old_session_data = $_SESSION;
        // regenerate session id and store it
        session_regenerate_id();
        $new_session_id = session_id();
        // switch to the old session and destroy its storage
        session_id($old_session_id);
        session_destroy();
        // switch back to the new session id and send the cookie
        session_id($new_session_id);
        session_start();
        // restore the old session data into the new session
        $_SESSION = $old_session_data;
        // update the session creation time
        $_SESSION['regenerated'] = time();
        // session_write_close() patch based on this thread
        // http://www.codeigniter.com/forums/viewthread/1624/
        // there is a question mark ?? as to side affects
        // end the current session and store session data.
        session_write_close();
    }
    /**
    * Destroys the session and erases session storage
    */
    function destroy()
    {
        unset($_SESSION);
        if ( isset( $_COOKIE[session_name()] ) )
        {
            setcookie(session_name(), '', time()-42000, '/');
        }
        session_destroy();
    }
    /**
    * Alias for destroy(), makes 1.7.2 happy.
    */
    function sess_destroy()
    {
        $this->destroy();
    }
    /**
    * Reads given session attribute value
    */
    function userdata($item)
    {
        if($item == 'session_id'){ //added for backward-compatibility
            return session_id();
        }else{
            return ( ! isset($_SESSION[$item])) ? false : $_SESSION[$item];
        }
    }
    /**
    * Sets session attributes to the given values
    */
    function set_userdata($newdata = array(), $newval = '')
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => $newval);
        }
        if (count($newdata) > 0)
        {
            foreach ($newdata as $key => $val)
            {
                $_SESSION[$key] = $val;
            }
        }
    }
    /**
    * Erases given session attributes
    */
    function unset_userdata($newdata = array())
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => '');
        }
        if (count($newdata) > 0)
        {
            foreach ($newdata as $key => $val)
            {
                unset($_SESSION[$key]);
            }
        }
    }
    /**
    * Starts up the session system for current request
    */
    function _sess_run()
    {
        session_start();
        $session_id_ttl = $this->object->config->item('sess_expiration');
        if (is_numeric($session_id_ttl))
        {
            if ($session_id_ttl > 0)
            {
                $this->session_id_ttl = $this->object->config->item('sess_expiration');
            }
            else
            {
                $this->session_id_ttl = (60*60*24*365*2);
            }
        }
        // check if session id needs regeneration
        if ( $this->_session_id_expired() )
        {
            // regenerate session id (session data stays the
            // same, but old session storage is destroyed)
            $this->regenerate_id();
        }
        // delete old flashdata (from last request)
        $this->_flashdata_sweep();
        // mark all new flashdata as old (data will be deleted before next request)
        $this->_flashdata_mark();
    }
    /**
    * Checks if session has expired
    */
    function _session_id_expired()
    {
        if ( !isset( $_SESSION['regenerated'] ) )
        {
            $_SESSION['regenerated'] = time();
            return false;
        }
        $expiry_time = time() - $this->session_id_ttl;
        if ( $_SESSION['regenerated'] <=  $expiry_time )
        {
            return true;
        }
        return false;
    }
    /**
    * Sets "flash" data which will be available only in next request (then it will
    * be deleted from session). You can use it to implement "Save succeeded" messages
    * after redirect.
    */
    function set_flashdata($newdata = array(), $newval = '')
    {
        if (is_string($newdata))
        {
            $newdata = array($newdata => $newval);
        }
        if (count($newdata) > 0)
        {
            foreach ($newdata as $key => $val)
            {
                $flashdata_key = $this->flashdata_key.':new:'.$key;
                $this->set_userdata($flashdata_key, $val);
            }
        }
    }
    /**
    * Keeps existing "flash" data available to next request.
    */
    function keep_flashdata($key)
    {
        $old_flashdata_key = $this->flashdata_key.':old:'.$key;
        $value = $this->userdata($old_flashdata_key);
        $new_flashdata_key = $this->flashdata_key.':new:'.$key;
        $this->set_userdata($new_flashdata_key, $value);
    }
    /**
    * Returns "flash" data for the given key.
    */
    function flashdata($key)
    {
        $flashdata_key = $this->flashdata_key.':old:'.$key;
        return $this->userdata($flashdata_key);
    }
    /**
    * PRIVATE: Internal method - marks "flash" session attributes as 'old'
    */
    function _flashdata_mark()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':new:', $name);
            if (is_array($parts) && count($parts) == 2)
            {
                $new_name = $this->flashdata_key.':old:'.$parts[1];
                $this->set_userdata($new_name, $value);
                $this->unset_userdata($name);
            }
        }
    }
    /**
    * PRIVATE: Internal method - removes "flash" session marked as 'old'
    */
    function _flashdata_sweep()
    {
        foreach ($_SESSION as $name => $value)
        {
            $parts = explode(':old:', $name);
            if (is_array($parts) && count($parts) == 2 && $parts[0] == $this->flashdata_key)
            {
                $this->unset_userdata($name);
            }
        }
    }
}

Answer 8

I realize you're trying to debug your issue; but have you tried removing the echo/print before redirecting?

I'm no 'session' expert, but I've had similar issues where printing out debug information before redirecting would cause session data the die on the next page.

Also, @edelweiss is on the money :)

Answer 9

Make sure your app has permissions to create the session files to /tmp (where file sessions are stored) if your not using a database for the sessions.

More than likely you need to look at php.ini on the production server and verify the session save handler is defined http://devzone.zend.com/413/trick-out-your-session-handler/ explains this rather well.

Answer 10

I saw a similar post and was directed to here to try using his sessions.php

And it works for me!

http://www.philsbury.co.uk/blog/code-igniter-sessions

Answer 11

I experienced a similar problem with CI 3.1.1. I tried most of the solutions suggested on stackoverflow most did not work for me. I had two different projects project A's sessions were working while project B's session data was losing data after redirect. By comparing the two I found what could be a solution/explanation to the problem.

My initial redirect looked like this:

redirect ('name_of_function_in_same_controller');

I changed it to:

redirect ('/name_of_controller/name_of_function_in_controller');

And it started to work. I believe the trick is including the name of the controller to in the redirect. Be sure to make provision for the controller name in routes.php

Answer 12

显然，我创建的表 ci_sessions 只有最大 64K 的数据（blob），所以我改成了 mediumblob，现在它工作正常

Answer 13

Make sure you session_start() before using $_SESSION. I had this problem, I foolishly assumed that

$this->load->library('session');

will do that for me, but not.

Answer 14

I was facing the same issue and after a long research I found the solution.

My session is stored in db not in files but even database is also restricted to store the size, I think..

Its not any core issue of codeigniter or something that is session destroyed automatically or something else..

It is actually the load of data amount in session, if we save the more & more data inside session with Codeigniter("I am not sure about native session but for codeigniter I can confirm this"), it will destroy the session automatically.

So what you have to do is, to go to that code that you are writing to get the data from db or somewhere else and then saving into session in userdata, try to reduce the load of data saving inside the session and exclude that data which is not needed on page from session every time.

Let me know if still there is an issue..

Answer 15

This might be late. But felt i should drop it. Had same issue too. I m using codeigniter and wiredesignz hmvc and i noticed the error was from the htaccess. Try adding a back slash after the rewrite base url

Answer 16

In case someone get stuck using Homestead (as I was), this is a CodeIgniter bug and is not present on newer versions (I read), you can upgrade your CI version or downgrade your PHP version "per project" with Homestead 6+, as in the example:

//Homestead.yaml
    - map: myproject.test
      to: /home/vagrant/Code/myproject
      php: "5.6"

and then simple run homestead provision .

Answer 17

I solved this issue by upgrading my codeigniter. Go to Codeigniter download

Download it and replace your project system folder with newly downloaded one.

Answer 18

Check on the $config['base_url'] = 'http://localhost/'; if you are working on the localhost, and change it to $config['base_url'] = 'http://localhost'; without the last /

Answer 19

Check in application/config/config.php

and find $config['encryption_key'] = ''; If it is empty then set the ecryption_key .

It will definitely help if after every setting session variables not working after redirection.

For more detail: http://codeigniter.com/user_guide/libraries/encryption.html

Answer 20

In our case the problem was related with Chrome SameSite cookies policy.

It seems that since Chrome 76 was released, cookies without "SameSite=None" and "Secure" properties are not setted by the browser after redirect.

For people that are using CodeIgniter 3.1.6 if you are redirecting to your site from a third party (for example from OAuth login page) you must add this to your config.php:

$config['cookie_path']      = '/;SameSite=None';
$config['cookie_secure']    = TRUE;

Keep in mind that this has security implication so be careful and be sure that you are choosing the best solution for your application requirements.

Related question here: How can I redirect after OAUTH2 with SameSite=Strict and still get my cookies?

Answer 21

I'm facing same issue and I was working with CodeIgniter version 3.1.9. I have downloaded CodeIgniter's latest version 3.1.11 and replace my current "system" directory with new the one available with 3.1.11 version.

Above process has solved my issue and it's working fine without any issues in PHP version 7.3.12 and 7.4.0.