0

Codeigniter 3 bug? Session lost after redirect. How to fix it?

Codeigniter session is lost after redirect.

I think this is a codeigniter 3 bug. I created a simple login page with Codeigniter 3.1.0, running on PHP 7.3 with apache webserver. When i click login button, session created and redirected to a home page. But the problem occured here. Session is missing after redirect to home page. I printed out the session by var_dump($this->session->userdata()); but it only shows array(1) { ["__ci_last_regenerate"]=> int(1690643484) } without any contents there.

Codeigniter session is lost after redirect

i then find out for the solution for a week. Finally, i know what the issue exactly is.. The issue is caused by: the length (as well as the name) of session cookie is not match compared to a logic in system/libraries/Session/session.php

If you open the cookie in developer tools, The cookies only have 26 of length.

cae01o74tm54uejufuj0oj921o

Whereas in session.php, at the line 133-134, the code only works if cookies length is set to 40 and combination of the name only permitted in number (0-9) and letter (a-f).

That doesn’t meet the current condition. So we must change this line to

preg_match('/^[0-9a-z]{22,40}$
Codeigniter session is lost after redirect

I found that solution from stackoverflow: https://stackoverflow.com/questions/12240922/what-is-the-length-of-a-php-session-id-string

I just known, the session cookies length is generated based on session.sid_length and session.sid_bits_per_character in php.ini. For example, in my computer i now used:

  • session.sid_length = 26
  • session.sid_bits_per_character = 5

That means, the cookie will have max 26 of length (example: cae01o74tm54uejufuj0oj921o), whereis contains 5 bits per character (5 bits: 0-9, a-v).

So if you wanna adjust it, you can change on your php.ini. Don’t forget to restart your apache if you made any changes.

Ambar Hasbiyatmoko

Hello, I'm web developer. Passionate about programming, web server, and networking.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.