IonAuth - seems to be randomly logging me out

后端 未结 1 922
迷失自我
迷失自我 2020-12-28 21:44

I\'m using ionAuth & it seems to be logging me out almost randomly? I\'m using Codeigniter v2.1.4 - it logs in perfect fine however ionAuth seems to log out at random in

相关标签:
1条回答
  • 2020-12-28 21:58

    The cause of the problem is a session cookie rotation when an AJAX Call is performed, the proper fix was included in CodeIgniter 3

    You have four options:

    Cope: I faced this problem myself before without knowing exactly the cause of it. In short, I saved the promise of each XMLHttpRequest, if the HTTP status code 401 was encountered, the client side application would request the credentials in the form of a popup, and then retry the AJAX promise.

    Client side with jQuery, just add this ajaxError handler:

    $(document).ajaxError(function (e, xhr, settings, exception) {
        if (xhr.status == 401)
        {
            // open your popup
            $('#login-popup').modal('open');
    
            // attach the xhr object to the listener
            $(document).bind( "retry-xhr", {
                    xhro: xhr
                },
                function( event ) {
                // retry the xhr when fired
                $.ajax( event.data.xhro );
            });
        }
    });
    

    and when you are logged back in, just call this to retry your request:

    $(document).trigger('retry-xhr');
    

    Server side, you only need to add an if in your constructor

    if (!$this->session->userdata('logged_in') && $this->input->is_ajax_request())
            {
                $this->output->set_status_header('401');
                exit;
            }
    

    This was useful because some users would leave their web app window open overnight and the session timeout would kick in. Then the users would call me about not being able to do any AJAX function, and I would have to tell them to press F5

    ps. if on Angular, I have used the HTTP Auth Interceptor Module successfully

    Hack: See this post, his solution is to create another field in the ci_session table and check for both cookies, so your session will still be valid after rotation.

    It also explains in detail what is causing this glitch

    http://www.hiretheworld.com/blog/tech-blog/codeigniter-session-race-conditions

    Upgrade: Start using the next version where it's already fixed:

    https://github.com/EllisLab/CodeIgniter/tree/release/3.0

    Patch Replace line 346 in system/libraries/Session.php (function sess_update())

    if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)
    

    With:

    if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now || $this->CI->input->is_ajax_request())
    
    0 讨论(0)
提交回复
热议问题