For the most recent stable release of CodeIgniter (2.1.3), there is a rather annoying simultaneous request problem that will kill active sessions. You might have experienced this yourself if you had a website or application with lots of AJAX requests or other simultaneous requests. The tell-tail sign was that your users would be logged out after the update session time had passed (5 minutes by default).
$config[‘sess_use_database’] = TRUE;
$config[‘sess_time_to_update’] = 300;
Solution 1 :
One of the problem solution, it was due to the sess_time_to_update parameter in config.php. CI use this to update the session ID to a new one. If the change happen in an ajax call, CI sends a new cookie to tell the browser the new session ID. Unfortunatly, browsers seems to ignore this cookie and keep the old session ID.
We can fix it by setting the sess_time_to_update to sess_expiration in the config.
$config['sess_time_to_update'] = $config['sess_expiration'];
Solution 2 :
The solution that seemed to work for most folks involved extending the session library with your own MY_Session.php library that overwrote the sess_update method with one that only executed the update method when not an AJAX request. Create a php file in /application/libraries/ with the name MY_Session (or whatever prefix you set), paste this code there and that is all. This function will override the sess_update function in the session class, checking on every request if that request was made by ajax, skipping the sess_update function.
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
require_once BASEPATH . '/libraries/Session.php';
class MY_Session extends CI_Session
$this->CI->session = $this;
// Do NOT update an existing session on AJAX calls.
/* End of file MY_Session.php */
/* Location: ./application/libraries/MY_Session.php */
You can either auto-load this library from config/autoload.php:
$autoload['libraries'] = array( 'MY_Session');
Or, you can load it later:
If you’ve used AJAX-heavy web apps built on a CI backend, you might have noticed premature session expiration, even if you’re expiration was set to never expire ($config[‘sess_expiration’] = 0; in application/config/config.php)
This was apparently due to AJAX requests not regenerating sessions, and apparent collisions. Long story short, there was a patch introduced without much fanfare, which seems to be working with codeigniter 2.1.3 .
Replace your system/libraries/Session.php file with the one found here (CI’s git):