benedmunds / CodeIgniter-Ion-Auth

Simple and Lightweight Auth System for CodeIgniter
http://benedmunds.com/ion_auth/
MIT License

Requires 'Remember Me' to be checked in order to log in. #156

Closed zer01ne closed 12 years ago

zer01ne commented 12 years ago

Using the default username and password, (admin@admin.com / password), Ion Auth will not keep me logged in unless I check the 'Remember Me' checkbox. I have tried multiple times, but get the same results. I do not get a displayed error, just recycles to base_url. However, if I check the 'Remember Me' button, then it keeps me logged in.

benedmunds commented 12 years ago

What exactly do you mean by "keep me logged in"? What version of Ion Auth are you using?

bertiful commented 12 years ago

And does this only happen with the default username and password?

zer01ne commented 12 years ago

When you type an invalid password or username, you get an error; however, when you type in the right username and password, you are successfully logged in and redirected to "base_url". I can successfully log in, however, after I try to navigate to "./auth/", I am prompted to log in again.

The only way that I can stay logged in with Ion Auth is if I check the "Remember Me" button.

I am using the latest version as well.

benedmunds commented 12 years ago

Does this happen in multiple browsers or just in a particular browser?

zer01ne commented 12 years ago

I have only tried in Firefox (Gentoo Linux) and I have created another user and tried that one too with no success. I can try Opera or Dolphin when I get home.


benedmunds commented 12 years ago

Try another browser and let me know. Thanks!

zer01ne commented 12 years ago

Alright, I tried a few things to try and eliminate problems that it could be. I am not sure what is going on though, this whole process is confusing.

I tried Opera (on Gentoo Linux), Firefox (on Gentoo Linux), Firefox (on Windows 7), Internet Explorer (on Windows 7) all resulting in the same problem. So I thought that maybe my php.ini is causing problems, so I went ahead and hosted the website on my domain, and the same results occurred there with all the browsers listed above. My last shot at trying something new was, install Tank Auth. That didn't exactly work out the way I wanted either. Tank Auth has the same results. The only thing left is; either my .htaccess file is not right or my config.php is not configured right. I have posted both on pastebin in hopes that this would be the problem. Thanks again for your help in this problem. I am almost positive that this is user error at this point.

ion_auth.php --> http://pastebin.com/fMBmU8js

config.php --> http://pastebin.com/itMRGcm4

.htaccess --> http://pastebin.com/JuHWxfwN

benedmunds commented 12 years ago

Try the following changes to config.php. You shouldn't need to do this but I'm just trying to troubleshoot. Make sure to change your session table name in your database as well.

http://pastebin.com/Nth2YK3F

zer01ne commented 12 years ago

That didn't work.

benedmunds commented 12 years ago

Hmm, what if you remove the .htaccess completely?

zer01ne commented 12 years ago

That didn't work either. I had to change the index_page to get that working (obviously).. but login system still didn't work. As a question... would you like me to zip the entire website folder and email it to you so that you can see everything on your end? I know it is a bold request, but I am not sure how much you can troubleshoot without seeing everything. (I am also not sure how far down the rabbit hole you are willing to go in terms of troubleshooting this problem). Again, I do appreciate your help this far.

benedmunds commented 12 years ago

Yea sure, my email is ben.edmunds@gmail.com.

I'll try to take a look sometime tomorrow.

zer01ne commented 12 years ago

For some reason, I turned $config['sess_use_database'] = FALSE; and it worked. I am not sure why that would have an effect on this, but I am guessing there must be a problem with the session using the database and a conflict with Ion Auth. For now, I will leave it disabled until something is fixed.

benedmunds commented 12 years ago

Very weird. I'm going to close this issue since it's obviously not an Ion Auth issue but something with the Session library.

alanquintana commented 12 years ago

I'm having the same issue, only $config['sess_use_database'] = FALSE; didn't work for me.

Strange thing is it works on another project. I have 2 projects: project 1 works, project 2 is the one with the problem, and it is also an identical copy of 1 with a different DB.

This is my sessions table after 1 login attempt:

"7ef5b5c21d989a6076b307c118b0337b";"192.168.1.155";"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)Chrome/16.0.912.75 Safari/535.7";"1330106805";

"88d61e1cbee6e854af67b8f18dc63c2a";"192.168.1.155";"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)Chrome/16.0.912.75 Safari/535.7";"1330106805";

"4727013e061f2ff6be517c23627c60c7";"192.168.1.155";"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)Chrome/16.0.912.75 Safari/535.7";"1330106804";"a:6{s:9:\"user_data\";s:0:\"\";s:8:\"username\";s:13:\"administrator\";s:5:\"email\";s:15:\"admin@admin.com\";s:7:\"user_id\";s:1:\"1\";s:14:\"old_last_login\";s:10:\"1330106768\";s:17:\"flash:new:mensaje\";s:32:\"Sesión iniciada con éxito
\";}"

What I have been able to see is that it does log in, but the user gets logged out in the ion_auth->logged_in() method.

benedmunds commented 12 years ago

Any differences in the php.ini that seem suspect? Any differences in different browsers?

alanquintana commented 12 years ago

php.ini is identical in both projects. Tested in Chrome, Firefox and IE8 under Windows XP, and Safari and Chrome under Mac OS X, all with the same result.

benedmunds commented 12 years ago

What about the session cookie names in the CI config?

alanquintana commented 12 years ago

only difference between them is sess_cookie_name

benedmunds commented 12 years ago

What are the cookie names? Please denote the working one vs the non-working one, I'll try to reproduce locally.

alanquintana commented 12 years ago

$config['sess_cookie_name'] = 'escodi'; //working

$config['sess_cookie_name'] = 'zepeda.directorio'; //not working

benedmunds commented 12 years ago

I haven't had a chance to test this yet but you can try getting rid of the period in the cookie name and see what happens.


alanquintana commented 12 years ago

It seems to be working after removing the period in the cookie name. Never thought something so simple could be the problem, thanks Ben.


benedmunds commented 12 years ago

No problem, glad it's working now.
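The cookie-name fix above has a concrete cause: PHP rewrites dots in incoming variable names to underscores, so a session cookie configured as 'zepeda.directorio' arrives under the key 'zepeda_directorio' and a lookup by the configured name finds nothing. The following is an added example, not code from Ion Auth or CodeIgniter; `cookies_as_php_sees_them()` and `find_session_cookie()` are hypothetical helpers, and `parse_str()` stands in for the way PHP populates `$_COOKIE`.

```php
<?php
// Added example: models how PHP builds $_COOKIE from a Cookie request header.
// parse_str() applies the same key mangling PHP uses for incoming variables:
// dots and spaces in names are converted to underscores.

function cookies_as_php_sees_them(string $cookieHeader): array
{
    $cookies = [];
    foreach (explode(';', $cookieHeader) as $pair) {
        $pair = trim($pair);
        if ($pair === '') {
            continue;
        }
        parse_str($pair, $parsed);   // "zepeda.directorio=..." yields key "zepeda_directorio"
        $cookies += $parsed;
    }
    return $cookies;
}

// Hypothetical stand-in for a session library looking up its cookie
// by the name set in $config['sess_cookie_name'].
function find_session_cookie(array $cookies, string $configuredName): ?string
{
    return $cookies[$configuredName] ?? null;
}

// Constructed request headers; the values are placeholders, not real session data.
foreach (['escodi', 'zepeda.directorio'] as $name) {
    $header = $name . '=SESSIONDATA; other=1';
    $seen   = cookies_as_php_sees_them($header);
    $value  = find_session_cookie($seen, $name);
    printf(
        "%-18s keys=%s lookup=%s\n",
        $name,
        implode(',', array_keys($seen)),
        $value === null ? 'MISSING (new session on every request)' : 'found'
    );
}
```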

bishsbytes commented 12 years ago

Hi. Did you ever identify the root cause of this issue?

I am seeing this behaviour, but unfortunately changing $config['sess_use_database'] = FALSE doesn't work.

My $config['sess_cookie_name'] is also just letters, no 'special' characters.

The only thing different to the usual default config is that I'm using the 'phone' column as identity rather than username or email.

bishsbytes commented 12 years ago

I think I have figured out my issue...

As I am using the 'phone' column for identity, I needed to add it to the database select in the login() function. This then needs to be passed in to the $session_data array.

Hope this helps others!

benedmunds commented 12 years ago

So you added it as your identity in the config file but then had to also make changes in the library?

bishsbytes commented 12 years ago

Yeah, that's right. My config says $config['identity'] = 'phone';

But I couldn't login without 'Remember Me' until I explicitly set 'phone' to be selected from the DB and passed into the session_data array in the login function.

benedmunds commented 12 years ago

Thanks for the info, I'll create a new issue for this.

benedmunds commented 12 years ago

Issue = #190

bishsbytes commented 12 years ago

Cheers Ben.

Another thing I noticed as a result of using 'phone' as identity is that identity_check() is protected, so I can't call it in my own validation functions.

I guess this should be public like the email_check() ?

rstein2000 commented 12 years ago

I'm seeing the same issue as the original poster. If "$config['sess_use_database']" is set to TRUE in the application/config/config.php file, and if the "Remember Me" box is NOT checked on login, then Ion Auth appears to process the login attempt as valid (if the credentials are correct) and redirects the user to index page, but the user is NOT logged in.

Alternatively, if either the "$config['sess_use_database']" is set to FALSE, or if the "Remember Me" box IS checked, then everything works as expected.

Additionally, if "$config['sess_use_database']" is set to TRUE, the "Incorrect Login" message does not appear if the user attempts to log in with incorrect credentials.

benedmunds commented 12 years ago

Ion Auth doesn't care what session type you use, CI handles that. Try the usual stuff like making sure your cookie name doesn't have any characters, just letters. Check the session and see if the cookie is being set. Try using the session outside of Ion Auth and see what happens.

rstein2000 commented 12 years ago

The only non-letter character in the cookie name was an underscore, and renaming it without the underscore didn't change anything. And Ion Auth's default "remember me" cookie name uses an underscore ("remember_code") and it seems to function fine as is, so I'd be surprised if an underscore in a cookie name created issues in one case but not the other.

As to your other points, a session cookie is being set, and it is accessible and behaving normally. And for that matter the ci_session table in the database is updating normally (and adding/removing the underscore in "ci_session" also didn't affect any behavior).

I've been working on this on and off for a few days, and it truly seems down to $config['sess_use_database']. When it's set to FALSE, everything in Ion Auth works out of the box. Set it to TRUE, and the Ion Auth login only persists on the redirect if "Remember Me" is checked.

Additionally, $config['sess_use_database'] = TRUE causes the flashdata in Ion Auth to disappear, regardless of whether "Remember Me" is checked. So for example, an incorrect log in attempt generates no message to the user. I even added a line of code to see if there was anything at all from Ion Auth in the flashdata, and there's not.

I'm far from your level of Codeigniter fluency, but it seems to me that the CI session database activity may be doing something to disrupt the writing of flashdata by Ion Auth (or at least disrupting its persistence). If I understand correctly how Ion Auth passes information to itself after a redirect, that could explain both why the "remember_code" cookie must be present for the login to persist after Ion Auth redirects following a login attempt, and why the Ion Auth flashdata variable is empty when called following a redirect.

benedmunds commented 12 years ago

Hmm, check your timeout for the session in the CI config. Try it in a few different browsers. Other than that I'm not really sure since this is working fine for me, I think it has to be some type of environment setting/issue.

rstein2000 commented 12 years ago

Well, I don't know how it happened, but after reconstructing my test site to try to track down any other possible causes, I found a solution.

I dropped my ci_sessions table and rebuilt it. And that was it. There must have been something bad lurking in there, even though the old and new table schema are identical.

No idea what could have been happening that would have been solved by dropping/rebuilding with identical schema, but there you have it. Thanks anyway for your timely responses, Ben.

benedmunds commented 12 years ago

Well I'm glad it's working, have fun.

liam1412 commented 12 years ago

Hi Ben

I am having an issue with IE8. It seems that login cookies are not being stored. Is this a known issue? I am using Database for sessions.

benedmunds commented 12 years ago

Do a search on the forums for issues with IE8 cookies, usually has something to do with a special character in your cookie name.

libertux commented 11 years ago

Hi, same thing here: I can't log in, I'm always redirected to the login form until I deactivate the "sess_use_database" param. Any solution? Tested on Firefox and Chrome, but same issue. I'm using a custom session table "yass_session" and not "ci_session", so if the session table is hard coded please tell us to use it as it is. THANKS

benedmunds commented 11 years ago

It's not hard coded in Ion Auth, it just uses your CI sessions. Try creating a test controller and make sure the session is working as expected there. CI Sessions can be volatile.

libertux commented 11 years ago

Thanks for the quick reply :) I added a test controller but still have the same issue when using the session database! But when I disable the session "use database" param it works!

benedmunds commented 11 years ago

Then it's definitely something with your CI/PHP/DB/server setup.

libertux commented 11 years ago

I don't think so, because I did it on 2 PCs with 2 different WAMP versions and 2 different OSes, but still have the same issue. Maybe it's due to configuration!

benedmunds commented 11 years ago

That would be the CI in the equation. Try it with the default table name.

caseyh commented 10 years ago

Hi there - I happened upon this thread of comments looking for a solution and there were bits and pieces that seemed to make some sense, but I couldn't get the full picture, so I finally (after like 3 hours) dissected the cookies and the sessions db table.

The issue I had was that while storing the sessions in the db, CI continually invalidated sessions on each call to the stack, authentication or just page reload. For example, it would generate your logged in session, throw the data in the database, send the cookie, and then on the redirect would invalidate your session and generate a new one and go through the motions again. The issue for me was that sessions were dependent upon matching user agents and the varchar length in the db was too short for the user agent, so it would always find a mismatch. Make the varchar larger and voila, problem solved. I had copied the sql from http://snipplr.com/view/17631/codeigniter-session-table-sql/ NOT the CI user guide, which is bothersome.

So, if you are having issues, CI and Ion are both not to 'blame' - turn off any settings that cause the session to be constantly revalidated and see what happens. You might find that you actually had failed to properly set up your application. Wish I had started there.

Cheers!
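The failure described in the comment above can be reproduced in isolation: when the user_agent column is narrower than the string the application compares against, the stored value never matches the request and the session is discarded on the next hit. This is an added example, not code from CodeIgniter or Ion Auth; `stored_in_column()` and `session_survives()` are hypothetical helpers, and the column widths and the 120-character application limit are assumed values for illustration.

```php
<?php
// Added example: a model of a session check that binds a session to the
// user agent stored in the sessions table.

// Assumption: MySQL in non-strict mode silently truncates a value that is
// longer than the VARCHAR($width) column it is inserted into.
function stored_in_column(string $value, int $width): string
{
    return substr($value, 0, $width);
}

// Hypothetical check: the application trims the request user agent to
// $appLimit characters and requires an exact match with the stored row.
function session_survives(string $requestUa, int $columnWidth, int $appLimit): bool
{
    $written = substr($requestUa, 0, $appLimit);          // value the app sends to the DB
    $stored  = stored_in_column($written, $columnWidth);  // value the DB actually keeps
    return trim($stored) === trim(substr($requestUa, 0, $appLimit));
}

// User agent string taken from the session rows quoted earlier in this thread.
$ua = 'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.7 (KHTML, like Gecko)'
    . 'Chrome/16.0.912.75 Safari/535.7';

// Assumed column widths, compared against an assumed 120-character app limit.
foreach ([50, 120, 255] as $width) {
    printf(
        "user_agent VARCHAR(%d), UA length %d: session %s\n",
        $width,
        strlen($ua),
        session_survives($ua, $width, 120) ? 'kept' : 'invalidated on next request'
    );
}
```

To apply the same check to a real deployment, compare the declared width of the user_agent column with the length of the longest user agent string your clients send.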

benedmunds commented 10 years ago

Thanks for posting this info, appreciate it!


ar27111994 commented 7 years ago

Still having this issue. Please help. @benedmunds @caseyh

ar27111994 commented 7 years ago

Ok, just figured it out. It's an ongoing issue with CodeIgniter sessions and PHP 7.1 and hasn't been fixed yet AFAIK.

benedmunds commented 7 years ago

2 is correct. Merged the PR, thanks so much!