CodeIgniter Random Logout (sess_time_to_update = PHP_INT_MAX)

Question

I have one user reporting that they are being logged out at 6:45 pm est (around that time). My session expire time is 24 hours and they login about 8 hours earlier.

Just as a test I set sess_time_to_update to PHP_INT_MAX as their is a known bug that causes session logouts when it is rotating the session.

The only thing I can think of that would cause this is Firefox's ability to restore previous tabs. This actually restores the session cookie even after the browser is closed.

She said this also happens in Internet Explorer...I couldn't find a setting in IE 11 to persist session cookies after the browser closes.

Do you have any ideas what could be causing this or an idea of what to investigate?

EDIT: This happened to another client. It happens only some days and doesn't happen to users at a different location. Is there anything I can do to determine how this is happening?

Answer 1

I'm not sure that you're setting the actual expiration period of sessions to PHP_INT_MAX. As stated in the manual sess_time_to_update config controls how often the session class will regenerate itself and create a new session ID. In other words it's how often the session details (such as last activity) are getting updated, not expired.

On the other hand there are a few configuration directives that have influence on unexpected session expirations of your case:

• sess_expiration: The number of seconds you would like the session to last. The default value is 2 hours (7200 seconds). If you would like a non-expiring session set the value to zero: 0.

• sess_expire_on_close: Whether to cause the session to expire automatically when the browser window is closed.

Make sure that these settings are set fine and then try to reproduce the situation on your own browser to minify the scope of the problem. If you still experience random logouts add a log_message() call to session library's sess_destroy() to keep track of user session destruction that may give you a clue about the destruction pattern.

If nothing, I think that would be user's browser or CCleaner-like apps on her machine wiping off the cookie. Instruct her to factory reset her browser settings or install a brand new browser.

The other thing worth noting is that some CI libraries such as IonAuth has their own related configs. If you're using IonAuth for authentication please have a look at user_expire and remember_users directives in the ion_auth.php config file.

Hope it helps.

Answer 2

Try testing it in a few different browsers and see if it's still happening. If it is, maybe:

• Check if there are any cron jobs running server side that could be killing session cookies on the server?
• Use a tool like IECookiesView to see what cookies are there, when they're set to expire and if anything is changing?

If they keep getting logged out at similar times try working out anything that might be happening server or local side at that time. It's unlikely a restore tabs (with cookies) feature could be randomly running at the same time.

I remember seeing a feature in Firefox to clear all cookies on exit as well, are they rebooting around that time?

Hope I helped.