IonAuth - seems to be randomly logging me out

送分小仙女□ 提交于 2019-12-18 11:35:39

问题


I'm using ionAuth & it seems to be logging me out almost randomly? I'm using Codeigniter v2.1.4 - it logs in perfect fine however ionAuth seems to log out at random intevals, is there a way to force the session to stay active until I call the ionAuth->logout function?

My CI config looks like as follows:

$config['sess_cookie_name']     = 'cisession';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 600;

My ion_auth config file looks as follows:

 $config['user_expire'] = 0;
 $config['user_extend_on_login'] = FALSE;

Can anyone give me any pointers on what might be causing the issue(s)?


回答1:


The cause of the problem is a session cookie rotation when an AJAX Call is performed, the proper fix was included in CodeIgniter 3

You have four options:

Cope: I faced this problem myself before without knowing exactly the cause of it. In short, I saved the promise of each XMLHttpRequest, if the HTTP status code 401 was encountered, the client side application would request the credentials in the form of a popup, and then retry the AJAX promise.

Client side with jQuery, just add this ajaxError handler:

$(document).ajaxError(function (e, xhr, settings, exception) {
    if (xhr.status == 401)
    {
        // open your popup
        $('#login-popup').modal('open');

        // attach the xhr object to the listener
        $(document).bind( "retry-xhr", {
                xhro: xhr
            },
            function( event ) {
            // retry the xhr when fired
            $.ajax( event.data.xhro );
        });
    }
});

and when you are logged back in, just call this to retry your request:

$(document).trigger('retry-xhr');

Server side, you only need to add an if in your constructor

if (!$this->session->userdata('logged_in') && $this->input->is_ajax_request())
        {
            $this->output->set_status_header('401');
            exit;
        }

This was useful because some users would leave their web app window open overnight and the session timeout would kick in. Then the users would call me about not being able to do any AJAX function, and I would have to tell them to press F5

ps. if on Angular, I have used the HTTP Auth Interceptor Module successfully

Hack: See this post, his solution is to create another field in the ci_session table and check for both cookies, so your session will still be valid after rotation.

It also explains in detail what is causing this glitch

http://www.hiretheworld.com/blog/tech-blog/codeigniter-session-race-conditions

Upgrade: Start using the next version where it's already fixed:

https://github.com/EllisLab/CodeIgniter/tree/release/3.0

Patch Replace line 346 in system/libraries/Session.php (function sess_update())

if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now)

With:

if (($this->userdata['last_activity'] + $this->sess_time_to_update) >= $this->now || $this->CI->input->is_ajax_request())


来源:https://stackoverflow.com/questions/19179243/ionauth-seems-to-be-randomly-logging-me-out

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!