Codeigniter3会话库,Ajax和会话过期

I've recently upgraded to Codeigniter3, which has a completely overhauled session library. I've noticed that despite having the session expiration set to 0 per the Codeigniter docs, the session still seems to be expiring after some period of time.

we're using the database driver and our config options are set as follows:

$config['sess_driver'] = 'database';
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 0;
$config['sess_save_path'] = 'user_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;


$config['cookie_prefix']    = '';
$config['cookie_domain']    = $_SERVER['HTTP_HOST'];
$config['cookie_path']      = '/';
$config['cookie_secure']    = FALSE;
$config['cookie_httponly']  = FALSE;

As you can see. in the screenshot, the sessions are getting stored in the DB:

enter image description here

The app is set up with a base controller that will redirect to the login page if the our user_data session array is not set. The session expiring is ok I guess in this case since it redirects and everything is ok.

However, if the session is expired (or whatever is happening) and then I click a button that makes an ajax call, the call will fail and I can see in developer tools that it's attempting to redirect to the login page, but the user just sees my error showing that the ajax call failed.

From what I'm reading there seems to be some issues with the CodeIgniter session library and I'm wondering if I'm dealing with that, or if my implementation is bad.

I'm having trouble understanding if the session is expiring, or getting regenerated and maybe the session ID is just different? Does the ajax call reference the session ID somehow? I haven't coded anything into my app to look at sessions when making an ajax call.

I was thinking I could add something like this to my controller functions?

if(!$this->session->userdata('user_data'))
{
     echo 'some not logged in message'
{

and then in my javascript basically check for that response and redirect, but that is a lot of code to change across my whole app and I want to make sure that's the right approach before I go down that path.

I'm wondering if this old SO answer is still relevant in Codeigniter 3?

A couple of other things to note:

  • I'm not calling session_start() anywhere
  • I am using $this->session->sess_destroy(); in my logout function

UPDATE:

I found a workaround as I mentioned above where I do some checks to see if it's an ajax call, if not handle the session check and redirect in PHP, if so, then send a response back from the ajax call which will then redirect to the login page.

The original question still persists:

Why is the session expiring, or is it? and how do I keep my ajax calls from failing when the session has regenerated? The above "solution" is less than desirable because this application is used regularly during business hours and I don't want the users getting logged out every x minutes.

UPDATE 2:

I've see elsewhere on SO where people say not to autoload the session library, although no one has given an explanation for this and nothing in the docs indicates that this shouldn't be done. In fact, in the config file, it's one of the example autoloaded libraries they reference. Is there some reason why I shouldn't do this?