Session / Cookie Lifetime

webcam

I have a weird Problem with the Session/Cookie Handling.
My server does have due securityreasons a very short session lifetime.

Since then, fuel kicks me out every 5 minutes. in fuel_base_controller the method is checking for the Session and Cookie Stuff with the _check_login method.

in line:
if (!$this->fuel_auth->is_logged_in() OR !is_fuelified())
it checks first if the session is available OR the cookie is set. is it possible that BOTH checks have to return true? Else it throws FALSE if the session is gone and never will reach the cookie check?

if (!$this->fuel_auth->is_logged_in() AND !is_fuelified())

Am i wrong?

admin

When you login to the FUEL admin 2 cookies get set. One is for your user session in FUEL and the other is for triggering inline editing on your pages outside of the FUEL admin (is_fuelified()). That basically checks to make sure both are set and if not, it will kick you out back to the login screen.

Since FUEL is using CI's Session library which uses a browser cookie to store all the information, I have seen sometimes where the size of the cookie becomes too big and it won't let you login. To help control the cookie size, there is a config parameter called 'saved_page_state_max'. I would first remove all FUEL related cookies in your browser and then change that 'saved_page_state_max' value from 5 to 1 in the FUEL config file by adding the following to fuel/application/config/MY_fuel.php to see if it helps:
$config['saved_page_state_max'] = 1;

There are some alternative Session Libraries I've looked at which can be drop in replacements for CI's library and will actually use PHP's native sessions so you don't have to worry about session size (if that is indeed the problem you are having):
http://codeigniter.com/wiki/Category:Libraries::Session/

Let me know how it goes.

jpratama

I have exactly the same problem. Will it be cured if I used session database ? Thanks.

admin

I believe so.