All geek questions in one place

CodeIgniter session set-cookie duplicated - how to solve

UPDATE:

I am wondering if anyone can look at my answer and see if there are any holes in it.

There is a well-documented problem when using cognitionists and sessions:

Duplicated "set-cookie: ci-session" fields in the header using codeignign

In general, codeigniter sets a cookie every time set_userdata is called.

I found a partial solution with:

http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/

The only problem with this solution is that the code needs to be inserted everywhere. Is there an easy way to clear all headers? I changed the code a bit to remove php errors, but is there a way to use a hook or something like that?

<?php
class MY_Controller extends CI_Controller
{

    public function __construct()
    {
        parent:: __construct();
    }

     //See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
    protected function _removeDuplicateCookieHeaders ()
    {
        // clean up all the cookies that are set...
        $headers             = headers_list();
        $cookies_to_output   = array ();
        $header_session_cookie = '';
        $session_cookie_name = $this->config->item('sess_cookie_name');

        foreach ($headers as $header)
        {
            list ($header_type, $data) = explode (':', $header, 2);
            $header_type = trim ($header_type);
            $data        = trim ($data);

            if (strtolower ($header_type) == 'set-cookie')
            {
                header_remove ('Set-Cookie'); 

                $cookie_value = current(explode (';', $data));
                list ($key, $val) = explode ('=', $cookie_value);
                $key = trim ($key);

                if ($key == $session_cookie_name)
                {
                   // OVERWRITE IT (yes! do it!)
                   $header_session_cookie = $data;
                   continue;
                } 
                    else 
                    {
                   // Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
                   $cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
                }
            }
        }

        if ( ! empty ($header_session_cookie))
        {
            $cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
        }

        foreach ($cookies_to_output as $cookie)
        {
            header ("{$cookie['header_type']}: {$cookie['data']}", false);
        }
     }
}
+4
2

EDIT: , $this- > load- > view(). echo , , .

EDIT php 5.3 .

, , . , , , .

//session_cookie_fixer.php

<?php
class SessionCookieFixer
{   
     //See (modified from) http://ha17.com/1745-bigip-f5-header-max-size-collides-with-codeigniters-bizarre-session-class/
    function removeDuplicateSessionCookieHeaders ()
    {
         $CI = &get_instance();

        // clean up all the cookies that are set...
        $headers             = headers_list();
        $cookies_to_output   = array ();
        $header_session_cookie = '';
        $session_cookie_name = $CI->config->item('sess_cookie_name');

        foreach ($headers as $header)
        {
            list ($header_type, $data) = explode (':', $header, 2);
            $header_type = trim ($header_type);
            $data        = trim ($data);

            if (strtolower ($header_type) == 'set-cookie')
            {
                header_remove ('Set-Cookie'); 

                $cookie_value = current(explode (';', $data));
                list ($key, $val) = explode ('=', $cookie_value);
                $key = trim ($key);

                if ($key == $session_cookie_name)
                {
                   // OVERWRITE IT (yes! do it!)
                   $header_session_cookie = $data;
                   continue;
                } 
                    else 
                    {
                   // Not a session related cookie, add it as normal. Might be a CSRF or some other cookie we are setting
                   $cookies_to_output[] = array ('header_type' => $header_type, 'data' => $data);
                }
            }
        }

        if ( ! empty ($header_session_cookie))
        {
            $cookies_to_output[] = array ('header_type' => 'Set-Cookie', 'data' => $header_session_cookie);
        }

        foreach ($cookies_to_output as $cookie)
        {
            header ("{$cookie['header_type']}: {$cookie['data']}", false);
        }
     }
}
?>

/Config/hooks.php

$hook['post_controller'][] = array(
                               'class'    => 'SessionCookieFixer',
                               'function' => 'removeDuplicateSessionCookieHeaders',
                               'filename' => 'session_cookie_fixer.php',
                               'filepath' => 'hooks',
                               'params'   => array()
                               );
+1

, , MY_Controller, (, , )

$this->_removeDuplicateCookieHeaders()

(http://ellislab.com/codeigniter/user-guide/general/hooks.html)

$hook['post_controller_constructor'][] = array(
                            'class'    => '',
                            'function' => 'removeDuplicateCookies',
                            'filename' => 'removeDuplicateCookies.php',
                            'filepath' => 'hooks',
                            );

( ), , application/config/autoload.php

0

Source: https://habr.com/ru/post/1537791/

More articles:


All Articles