CodeIgniter session ID changes but does not work properly

Because of our payment system we have to use some kind of relay system that is on a third-party website, to have valid PCI (HTTPS).

We are currently facing a weird bug that we have spent too many hours on now.

We have 4 steps in our registration.

  1. Enter all the data.
  2. Add images
  3. Payment

This is how we do it: On step 1 we save all post data into a session: $this->session->set_userdata("campaigncreation", $out); And yes, $out contains all the data.

On step we can easily print out the session data for campaigncreation; <?print_r($this->session->userdata)?>

Because we need to go to another website, we add the session_id to our call, to keep the session on the third-party website.

Our url is like: https://relay.ditonlinebetalingssystem.dk/relay/v2/relay.cgi/http://xxxx.dk/something/controller/a1264526031adb9c71ae433eef44bfa0

As you see we take the session_id (<?=$this->session->userdata("session_id")?>) in the URL, and in our controller we replace the session id with that in the controller as this:

$phpsess is "a1264526031adb9c71ae433eef44bfa0"

if (!empty($phpsess)) {
    $this->session->set_userdata("session_id", $phpsess);
}

When we now print out the user data we get the correct session_id, but somehow it doesn't take the data from step 1 with it. What to do?

I only get

 Array
(
[session_id] => a1264526031adb9c71ae433eef44bfa0
[ip_address] => 87.54.46.121
[user_agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.69 Safari/537.36
[last_activity] => 1383052142
[user_data] => 
[advertiser_id] => 1
[advertiser_name] => xxxx

)

But in some way it still has the correct data for advertiser_id and advertiser_name, so that is totally weird.

What to do?

It's like CodeIgniter refreshes the session_id on each page load and therefore there will be a problem.

Or maybe because of the domain cookie settings? I don't know, please help us.

It's called session rotation and it's actually a security feature in CodeIgniter. I would not recommend disabling it; rather, create a table for your references and attach a single-use authorization token in each request to another domain.

Then from your second domain cross reference the token server side.

Let me know if you need more details =]

You can see one of my answers about the same subject here:
IonAuth - seems to be randomly logging me out

I was having the same issue (changing session id on refresh) and it turns out that I had not set the correct date and time on my testing platform/device.

Try putting in the correct URL of your site.

$config['base_url'] = 'http://www.yoursite.com';

This was an odd case where I was trying to pick up others' pieces. My dev deployment tests would fail with the session being different on ajax calls.

It seems that a local VM's IP was not enough to match the convolutions of this particular CodeIgniter project.

Only once I set up a local DNS server with the proper domain name did it allow logged_in to recognize the session $username/$identity.

I guess the ajax was calling the domain externally, while I was viewing the site locally with an IP served from a VM.

According to CI's Session.php, the ID is changed on every update, but they keep a reference to the old ID so that they can update the right row.

Also, according to the doc: "session_id is regenerated (by default) every five minutes".

If there is no specific reason to use "session id", I would suggest you set another unique variable in the userdata and use it as the "session id".

// Concatenate with "." ("+" is arithmetic in PHP and fails on a non-numeric string)
$uniqueId = uniqid(time() . $unique_user_variable, TRUE);
// Store the hashed value under a custom key that CodeIgniter does not rotate
$this->session->set_userdata("my_session_id", md5($uniqueId));

The "unique user variable" may be the user IP, user name, user id, etc., according to your specific case.
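
The single-use token handoff suggested in the first answer, which also follows the last answer's advice not to pass session_id itself, as an added example that is not code from any poster or from CodeIgniter. The relay_handoff table and the handoff_* functions are hypothetical names, an in-memory SQLite database stands in for the application database, and the token is drawn from random_bytes() instead of uniqid()/md5() so that it cannot be guessed from the time or the user.

```php
<?php
// Added example: single-use handoff token for the relay round trip.
// Table and function names are hypothetical, not part of CodeIgniter.

function handoff_schema(PDO $db): void {
    // Only the SHA-256 of the token is stored, so a database leak exposes no usable token.
    $db->exec('CREATE TABLE IF NOT EXISTS relay_handoff (
        token_hash TEXT PRIMARY KEY,
        payload    TEXT NOT NULL,
        expires_at INTEGER NOT NULL,
        used       INTEGER NOT NULL DEFAULT 0)');
}

// Step 1: keep the form data server side and return a random token for the relay URL.
function handoff_issue(PDO $db, array $data, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('INSERT INTO relay_handoff (token_hash, payload, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), json_encode($data), time() + $ttl]);
    return $token;
}

// Callback: mark the token used in one UPDATE, then load its payload.
// Returns null when the token is malformed, unknown, expired or already redeemed.
function handoff_redeem(PDO $db, string $token): ?array {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    $upd = $db->prepare('UPDATE relay_handoff SET used = 1 WHERE token_hash = ? AND used = 0 AND expires_at > ?');
    $upd->execute([$hash, time()]);
    if ($upd->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT payload FROM relay_handoff WHERE token_hash = ?');
    $sel->execute([$hash]);
    return json_decode($sel->fetchColumn(), true);
}

// Constructed demo data; a real application would use its own database connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
handoff_schema($db);
$token = handoff_issue($db, ['title' => 'Demo campaign', 'advertiser_id' => 1]);
var_dump(handoff_redeem($db, $token));   // first redemption of the token
var_dump(handoff_redeem($db, $token));   // replay of the same token
```

In the relay callback controller, the redeemed array would be written back with $this->session->set_userdata("campaigncreation", $data), so the later steps read it from whatever session CodeIgniter currently has and session rotation stays enabled.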