CodeIgniter sessions not working in Windows 8

Question

Dani 4,329 The Queen of DaniWeb

12 Years Ago

We use CodeIgniter custom session data to handle our login (among many other things). Our settings are as follows:

$config['sess_cookie_name']     = 'danisession';
$config['sess_expiration']      = 0;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = TRUE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = FALSE;
$config['sess_time_to_update']  = 300;

...

$config['csrf_protection'] = true;
$config['csrf_token_name'] = 'csrf_token';
$config['csrf_cookie_name'] = 'csrf_cookie';
$config['csrf_expire'] = 7200;

We used to have sess_match_useragent set to true, but had to change it to false because it was causing issues with certain useragents that were giving different useragent info on each page load.

Now, we are experiencing the issue where a clean installation of Windows 8 is throwing back the CSRF error message for an invalid or expired token upon submitting a post request.

codeigniter php windows-vista-7-8

6 Contributors
19 Replies
2K Views
4 Months Discussion Span
Latest Post 11 Years Ago Latest Post by Mark_k

LastMitch

12 Years Ago

@Dani

There's nothing wrong with your config.

What web browser?

IE

Read this:

http://codeigniter.com/forums/viewthread/191009/

It's kinda hard to dupilcate the issue that you are having.

You can try this:

https://github.com/EllisLab/CodeIgniter/wiki/Native-session

Is there something wrong with the website? I don't see any error?

Edited 12 Years Ago by LastMitch because: grammer

LastMitch

12 Years Ago

Oh, I'm sorry about that. I did't understand your question. Now I understand.

diafol

12 Years Ago

Maybe a stupid question but is the token in the form the same as the token in the cookie?
Also, on page refresh, is the form token different every time?
It works on W7 - but you already know that.

deceptikon 1,790 Code Sniper

12 Years Ago

What web browser?

All that were tried: IE10 and Chrome.

Does the problem happen when submitting any DaniWeb form, including trying to search

I didn't try. Sadly, the hard drive that I bought to house Windows 8 died last night...

Does the problem happen on other CodeIgniter-based sites, such as http://codeigniter.com/forums/

I didn't try, but that will be in my troubleshooting steps when I get a new hard drive and get the system back on its feet.

cereal 1,524 Nearly a Senior Poster

12 Years Ago

Try to remove the underscore from the CSRF cookie name:

$config['csrf_cookie_name'] = 'csrfcookie';

From what I've read in the past, it seems that latests IE versions don't like it.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 1 · 2012-11-18T03:05:25+00:00

I can't really debug this because I'm on a Mac, but for those experiencing the problem, can you answer the following:

What web browser?
Does the problem happen when submitting any DaniWeb form, including trying to search
Does the problem happen on other CodeIgniter-based sites, such as http://codeigniter.com/forums/

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 2 · 2012-11-18T04:58:05+00:00

Dani 4,329 The Queen of DaniWeb

12 Years Ago

LastMitch, the problem is related to CSRF, not sessions.

diafol · Answer 3 · 2012-11-18T14:51:12+00:00

Try to remove the underscore from the CSRF cookie name:

Missed that. I read that too. I was looking at the sessname cookie. +1

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 4 · 2012-11-18T17:20:20+00:00

From what I've read in the past, it seems that latests IE versions don't like it.

I read that too on another forum, but supposedly it was tried to no success. What's weird is that there are people for which IE10 and Windows 8 work fine.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 5 · 2012-11-18T17:55:40+00:00

Another thing to try, that would explain why it works for one person and not another:

Try Internet Explorer Compatability mode both in IE10 mode and also in IE9 mode, and let me know if one works and the other doesn't.

diafol · Answer 6 · 2012-11-18T18:14:26+00:00

Add in W7/IE9 (64-bit) : success

Add in W7/IE9 Compat (64-bit) : success

Consistent csrf token throughout compatibility switching through v9 and v8 and switching user agent string.

Sorry don't have IE10/W8. And I don't want to download the preview version.

This ain't a DNT issue is it?

deceptikon 1,790 Code Sniper Team Colleague Featured Poster · Answer 7 · 2012-11-18T18:25:36+00:00

Just an update, I got a new hard drive and installed Windows 8 again but this time without the SmartScreen filter enabled by default. I'm now posting from that installation, so there's something about that filter that boogers up our sessions.

Still a high priority issue though, given that SmartScreen is enabled in the default custom settings and the express install settings.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 8 · 2012-11-18T18:47:28+00:00

So SmartScreen is something that can be enabled/disabled on the fly for Internet Explorer, right? Why would that be affecting Chrome??

deceptikon 1,790 Code Sniper Team Colleague Featured Poster · Answer 9 · 2012-11-18T18:53:55+00:00

Apparently it's built into the OS too, but IE10 has a version to check URLs. I'm guessing the OS level filter affects other browsers too, otherwise I'd agree that it shouldn't affect Chrome.

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 10 · 2012-11-18T19:55:52+00:00

So can you try flipping the switch on the OS-level one, and see if both browsers stop working?

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 11 · 2012-11-18T20:34:21+00:00

Upon doing some more research, it appears that IE8 includes the SmartScreen filter. It turns out I've always had it enabled. So either MS has done some extensive changes to SmartScreen or something else is going on here.

Mark_k · Answer 12 · 2013-04-02T22:24:22+00:00

The solution for me was this:

Edit application/config/user_agants.php and add 'windows nt 6.2' => 'Windows 8', to the $platforms array().

After that it should be safe to set $config['sess_match_useragent'] => true;

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 13 · 2013-04-02T22:27:37+00:00

I've finally upgraded to Windows 8 and everything seems to be working for me without having made any changes. Odd??

Mark_k · Answer 14 · 2013-04-08T15:57:54+00:00

Yeah, scratch what I said earlier. Turns out that the problem I was having was due to the IE 9 and 10 VMs that Microsoft released for testing all version of IE http://osxdaily.com/2011/09/04/internet-explorer-for-mac-ie7-ie8-ie-9-free/

I'm still not exactly sure why it was happening, but I did a lot of testing on the cookies and I was able to find out that the cookies were expiring 3 hours ahead of schedule even though they were being set correctly. Even the expiration date that was displayed in IE's developer tools was correct.

Timezone and server time are all set correctly so, again, I'm still not sure what the issue is here, but it's definitely confined within the VMs. Works fine otherwise.

If anyone else has any insight about this I would love to know.

Cheers.