Closed anneachey closed 9 years ago
Please post both your CI config and your Ion Auth config.
Ion auth
```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
| -------------------------------------------------------------------------
| Tables.
| -------------------------------------------------------------------------
| Database table names.
*/
$config['tables']['users']          = 'users';
$config['tables']['groups']         = 'groups';
$config['tables']['users_groups']   = 'users_groups';
$config['tables']['login_attempts'] = 'login_attempts';

/*
| Users table column and Group table column you want to join WITH.
|
| Joins from users.id
| Joins from groups.id
*/
$config['join']['users']  = 'user_id';
$config['join']['groups'] = 'group_id';

/*
| -------------------------------------------------------------------------
| Hash Method (sha1 or bcrypt)
| -------------------------------------------------------------------------
| Bcrypt is available in PHP 5.3+
|
| IMPORTANT: Based on the recommendation by many professionals, it is highly recommended to use
| bcrypt instead of sha1.
|
| NOTE: If you use bcrypt you will need to increase your password column character limit to (80)
|
| Below there is "default_rounds" setting. This defines how strong the encryption will be,
| but remember the more rounds you set the longer it will take to hash (CPU usage) So adjust
| this based on your server hardware.
|
| If you are using Bcrypt the Admin password field also needs to be changed in order login as admin:
| $2a$07$SeBknntpZror9uyftVopmu61qg0ms8Qv1yV6FG.kQOSM.9QhmTo36
|
| Be careful how high you set max_rounds, I would do your own testing on how long it takes
| to encrypt with x rounds.
|
| salt_prefix: Used for bcrypt. Versions of PHP before 5.3.7 only support "$2a$" as the salt prefix
| Versions 5.3.7 or greater should use the default of "$2y$".
*/
$config['hash_method']    = 'bcrypt'; // sha1 or bcrypt, bcrypt is STRONGLY recommended
$config['default_rounds'] = 8;        // This does not apply if random_rounds is set to true
$config['random_rounds']  = FALSE;
$config['min_rounds']     = 5;
$config['max_rounds']     = 9;
$config['salt_prefix']    = '$2y$';

/*
| -------------------------------------------------------------------------
| Authentication options.
| -------------------------------------------------------------------------
| maximum_login_attempts: This maximum is not enforced by the library, but is
| used by $this->ion_auth->is_max_login_attempts_exceeded().
| The controller should check this function and act
| appropriately. If this variable set to 0, there is no maximum.
*/
$config['site_title']                 = "Example.com";       // Site Title, example.com
$config['admin_email']                = "admin@example.com"; // Admin Email, admin@example.com
$config['default_group']              = 'members';           // Default group, use name
$config['admin_group']                = 'admin';             // Default administrators group, use name
$config['identity']                   = 'email';             // A database column which is used to login with
$config['min_password_length']        = 8;                   // Minimum Required Length of Password
$config['max_password_length']        = 20;                  // Maximum Allowed Length of Password
$config['email_activation']           = FALSE;               // Email Activation for registration
$config['manual_activation']          = FALSE;               // Manual Activation for registration
$config['remember_users']             = TRUE;                // Allow users to be remembered and enable auto-login
$config['user_expire']                = 86500;               // How long to remember the user (seconds). Set to zero for no expiration
$config['user_extend_on_login']       = FALSE;               // Extend the users cookies every time they auto-login
$config['track_login_attempts']       = FALSE;               // Track the number of failed login attempts for each user or ip.
$config['track_login_ip_address']     = TRUE;                // Track login attempts by IP Address, if FALSE will track based on identity. (Default: TRUE)
$config['maximum_login_attempts']     = 3;                   // The maximum number of failed login attempts.
$config['lockout_time']               = 600;                 // The number of seconds to lockout an account due to exceeded attempts
$config['forgot_password_expiration'] = 0;                   // The number of milliseconds after which a forgot password request will expire. If set to 0, forgot password requests will not expire.

/*
| -------------------------------------------------------------------------
| Cookie options.
| -------------------------------------------------------------------------
| remember_cookie_name Default: remember_code
| identity_cookie_name Default: identity
*/
$config['remember_cookie_name'] = 'remember_code';
$config['identity_cookie_name'] = 'identity';

/*
| -------------------------------------------------------------------------
| Email options.
| -------------------------------------------------------------------------
| email_config:
| 'file' = Use the default CI config or use from a config file
| array = Manually set your email config settings
*/
$config['use_ci_email'] = FALSE; // Send Email using the builtin CI email class, if false it will return the code and the identity
$config['email_config'] = array(
	'mailtype' => 'html',
);

/*
| -------------------------------------------------------------------------
| Email templates.
| -------------------------------------------------------------------------
| Folder where email templates are stored.
| Default: auth/
*/
$config['email_templates'] = 'auth/email/';

/*
| -------------------------------------------------------------------------
| Activate Account Email Template
| -------------------------------------------------------------------------
| Default: activate.tpl.php
*/
$config['email_activate'] = 'activate.tpl.php';

/*
| -------------------------------------------------------------------------
| Forgot Password Email Template
| -------------------------------------------------------------------------
| Default: forgot_password.tpl.php
*/
$config['email_forgot_password'] = 'forgot_password.tpl.php';

/*
| -------------------------------------------------------------------------
| Forgot Password Complete Email Template
| -------------------------------------------------------------------------
| Default: new_password.tpl.php
*/
$config['email_forgot_password_complete'] = 'new_password.tpl.php';

/*
| -------------------------------------------------------------------------
| Salt options
| -------------------------------------------------------------------------
| salt_length Default: 22
|
| store_salt: Should the salt be stored in the database?
| This will change your password encryption algorithm,
| default password, 'password', changes to
| fbaa5e216d163a02ae630ab1a43372635dd374c0 with default salt.
*/
$config['salt_length'] = 22;
$config['store_salt']  = FALSE;

/*
| -------------------------------------------------------------------------
| Message Delimiters.
| -------------------------------------------------------------------------
*/
$config['delimiters_source']       = 'config'; // "config" = use the settings defined here, "form_validation" = use the settings defined in CI's form validation library
$config['message_start_delimiter'] = '
'; // Message start delimiter
$config['message_end_delimiter']   = '
'; // Message end delimiter
$config['error_start_delimiter']   = ''; // Error message start delimiter
$config['error_end_delimiter']     = '
'; // Error message end delimiter

/* End of file ion_auth.php */
/* Location: ./application/config/ion_auth.php */
```
config
```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

/*
| --------------------------------------------------------------------------
| Base Site URL
| --------------------------------------------------------------------------
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
| If this is not set then CodeIgniter will guess the protocol, domain and
| path to your installation.
*/
$config['base_url'] = 'http://local.dev/index.php';

/*
| --------------------------------------------------------------------------
| Index File
| --------------------------------------------------------------------------
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
*/
$config['index_page'] = ' ';

/*
| --------------------------------------------------------------------------
| URI PROTOCOL
| --------------------------------------------------------------------------
| This item determines which server global should be used to retrieve the
| URI string. The default setting of 'AUTO' works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO'           Default - auto detects
| 'PATH_INFO'      Uses the PATH_INFO
| 'QUERY_STRING'   Uses the QUERY_STRING
| 'REQUEST_URI'    Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
*/
$config['uri_protocol'] = 'AUTO';

/*
| --------------------------------------------------------------------------
| URL suffix
| --------------------------------------------------------------------------
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/
$config['url_suffix'] = '';

/*
| --------------------------------------------------------------------------
| Default Language
| --------------------------------------------------------------------------
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
*/
$config['language'] = 'english';

/*
| --------------------------------------------------------------------------
| Default Character Set
| --------------------------------------------------------------------------
| This determines which character set is used by default in various methods
| that require a character set to be provided.
*/
$config['charset'] = 'UTF-8';

/*
| --------------------------------------------------------------------------
| Enable/Disable System Hooks
| --------------------------------------------------------------------------
| If you would like to use the 'hooks' feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
*/
$config['enable_hooks'] = FALSE;

/*
| --------------------------------------------------------------------------
| Class Extension Prefix
| --------------------------------------------------------------------------
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
*/
$config['subclass_prefix'] = 'MY_';

/*
| --------------------------------------------------------------------------
| Allowed URL Characters
| --------------------------------------------------------------------------
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';

/*
| --------------------------------------------------------------------------
| Enable Query Strings
| --------------------------------------------------------------------------
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| By default CodeIgniter enables access to the $_GET array. If for some
| reason you would like to disable it, set 'allow_get_array' to FALSE.
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string 'words' that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
*/
$config['allow_get_array']      = TRUE;
$config['enable_query_strings'] = FALSE;
$config['controller_trigger']   = 'c';
$config['function_trigger']     = 'm';
$config['directory_trigger']    = 'd'; // experimental not currently in use

/*
| --------------------------------------------------------------------------
| Error Logging Threshold
| --------------------------------------------------------------------------
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
*/
$config['log_threshold'] = 0;

/*
| --------------------------------------------------------------------------
| Error Logging Directory Path
| --------------------------------------------------------------------------
| Leave this BLANK unless you would like to set something other than the default
| application/logs/ folder. Use a full server path with trailing slash.
*/
$config['log_path'] = '';

/*
| --------------------------------------------------------------------------
| Date Format for Logs
| --------------------------------------------------------------------------
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
*/
$config['log_date_format'] = 'Y-m-d H:i:s';

/*
| --------------------------------------------------------------------------
| Cache Directory Path
| --------------------------------------------------------------------------
| Leave this BLANK unless you would like to set something other than the default
| system/cache/ folder. Use a full server path with trailing slash.
*/
$config['cache_path'] = '';

/*
| --------------------------------------------------------------------------
| Encryption Key
| --------------------------------------------------------------------------
| If you use the Encryption class or the Session class you
| MUST set an encryption key. See the user guide for info.
*/
$config['encryption_key'] = 'loa1BO639RHCfZ9dI7J8kno1Qb13dW1D';

/*
| --------------------------------------------------------------------------
| Session Variables
| --------------------------------------------------------------------------
| 'sess_cookie_name'     = the name you want for the cookie
| 'sess_expiration'      = the number of SECONDS you want the session to last.
|                          by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'sess_expire_on_close' = Whether to cause the session to expire automatically
|                          when the browser window is closed
| 'sess_encrypt_cookie'  = Whether to encrypt the cookie
| 'sess_use_database'    = Whether to save the session data to a database
| 'sess_table_name'      = The name of the session database table
| 'sess_match_ip'        = Whether to match the user's IP address when reading the session data
| 'sess_match_useragent' = Whether to match the User Agent when reading the session data
| 'sess_time_to_update'  = how many seconds between CI refreshing Session Information
*/
$config['sess_cookie_name']     = 'ubi';
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;
$config['sess_encrypt_cookie']  = FALSE;
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'sessions';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update']  = 300;

/*
| --------------------------------------------------------------------------
| Cookie Related Variables
| --------------------------------------------------------------------------
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   = Typically will be a forward slash
| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path']   = "/";
$config['cookie_secure'] = FALSE;

/*
| --------------------------------------------------------------------------
| Global XSS Filtering
| --------------------------------------------------------------------------
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
*/
$config['global_xss_filtering'] = FALSE;

/*
| --------------------------------------------------------------------------
| Cross Site Request Forgery
| --------------------------------------------------------------------------
| Enables a CSRF cookie token to be set. When set to TRUE, token will be
| checked on a submitted form. If you are accepting user data, it is strongly
| recommended CSRF protection be enabled.
|
| 'csrf_token_name'  = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire'      = The number in seconds the token should expire.
*/
$config['csrf_protection']  = FALSE;
$config['csrf_token_name']  = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire']      = 7200;

/*
| --------------------------------------------------------------------------
| Output Compression
| --------------------------------------------------------------------------
| Enables Gzip output compression for faster page loads. When enabled,
| the output class will test whether your server supports Gzip.
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For
| compression to work, nothing can be sent before the output buffer is called
| by the output class. Do not 'echo' any values with compression enabled.
*/
$config['compress_output'] = FALSE;

/*
| --------------------------------------------------------------------------
| Master Time Reference
| --------------------------------------------------------------------------
| Options are 'local' or 'gmt'. This pref tells the system whether to use
| your server's local time as the master 'now' reference, or convert it to
| GMT. See the 'date helper' page of the user guide for information
| regarding date handling.
*/
$config['time_reference'] = 'local';

/*
| --------------------------------------------------------------------------
| Rewrite PHP Short Tags
| --------------------------------------------------------------------------
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
*/
$config['rewrite_short_tags'] = FALSE;

/*
| --------------------------------------------------------------------------
| Reverse Proxy IPs
| --------------------------------------------------------------------------
| If your server is behind a reverse proxy, you must whitelist the proxy IP
| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
| header in order to properly identify the visitor's IP address.
| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
*/
$config['proxy_ips'] = '';

/* End of file config.php */
/* Location: ./application/config/config.php */
```
That looks good. Try adding
var_dump($this->session->all_userdata());
and see what you get
I am also getting the same issue while trying to access $this->session->all_userdata() using AJAX calls. Is there any configuration or change required for AJAX calls? It's working fine with a page refresh, but it logs me out when accessing via AJAX.
FYI: I am working on a REST-based application using CodeIgniter and using rest-server to implement it. https://github.com/chriskacerguis/codeigniter-restserver
It might be your session settings in your CI config. Try setting:
$config['sess_match_useragent'] = FALSE;
Any updates? Closing until more information is given.
I logged into the application using the default admin@admin.com, password credentials. The session is set in the sessions table.
```php
class Login extends CI_Controller {
	public function confirm_account($id) {
		if (!$this->ion_auth->logged_in()) {
			redirect('login', 'refresh');
		}
		$user = $this->ion_auth->current()->user();
		$session_id = $this->session->userdata('user_id');
	}
}
```
I am not able to access the session in the manner specified above. Above all, I am not even detected as logged in and thus always get logged out. Do I not have direct access to the session? Or if I do, what am I doing wrong here?