Is there any known bug in the session library of CodeIgniter 2.1.0? Why do I get kicked out? [closed]

Answer 1

Here is what I found:

There is a bug in the session library of CodeIgniter which destroys the session with rapid requests.

Here you can find more about this bug:

https://github.com/EllisLab/CodeIgniter/issues/154

This bug still exist in the latest stable version which is 2.1.3.

I've fixed this by replacing my session library with the one from CI3-DEV from GitHub:

https://github.com/EllisLab/CodeIgniter/blob/b211adee89f5fd2192051e9c0826146bd150f469/system/libraries/Session.php

And putting a long sess_expiration and sess_time_to_update in my configuration ... mine are 86400 and 86500.

Answer 2

CodeIgniter saves session data in cookies. If session data has any special character which unsets the cookie, the session is also destroyed.

It also creates few more problem of size limit. Cookie can save a limited size of data depending upon the browser. If you try to store more data in a CodeIgniter session, and as CodeIgniter tries to save it in cookie, it may not save more than that limit.

Also as the cookie is sent over the network, it unnecessarily adds traffic on network. All session data should not be saved in cookie.

It's better to use a native session library. It uses PHP's native session.

https://github.com/EllisLab/CodeIgniter/wiki/Native-session

or

https://github.com/EllisLab/CodeIgniter/wiki/PHPSession

You can compare both.

Please refer the CodeIgniter session documentation for how CodeIgniter stores session data.

https://www.codeigniter.com/user_guide/libraries/sessions.html