codeigniter会议窃听用Ajax调用 [英] Codeigniter session bugging out with ajax calls

问题描述

我的codeIgniter应用程序使用会话库并将数据保存到数据库。

My CodeIgniter app uses the session library and saves data to the DB.

我一直有一些问题，其中的空白会话一定的AJAX调用后创建。

I've been having some problems where blank sessions are created after a certain ajax call.

经调查，似乎有2个同步的功能调用，发了，需要一个会话验证。人们可能会失败，其他的就可以了。

Upon investigating, it seems that there were 2 simultaneous functions calls that fired off that require a session validation. One would fail and the other would be fine.

我能够没有让他们同时断火来解决这个问题。但我还是不明白，为什么失败的原因。是否都与一个呼叫更新用户的cookie和第二个呼叫无效化？或读取数据库说不定什么时候死了不知何故？

I was able to fix this by not having them fire off simultaneously. But I still don't understand the REASON why it fails. Does it have to do with one call updating the user cookie and the 2nd call invalidating? Or maybe when reading the DB it dies somehow?

我看了看会话核心类了一下，没有发现任何线索的原因。

I looked over the Session core class a bit and have not found any clues to the cause.

如果任何人有同样的问题之前，我想AP preciate如何调试或原因是什么任何意见。

If any one had the same problem before I would appreciate any advice on how to debug or what the cause is.

谢谢！

编辑：

我最初说有408状态返回。这是一个不相关的情况。

I originally said there was a 408 status return. That was an unrelated case.

这是触发了MyVar.refresh（）的并行功能：

This is the function that fires off MyVar.refresh() in parallel:

function (event)
{
    var self$ = this.a$;
    var uid  = this.b$.val();
    var tid  = this.c$.val();
    var jqxhr = $.post('/controller1/index',{'uid':uid,'tid':tid,'action':true},function(re)
    {
        if(re.message != 'success')
        {
            MyVar.alert('<span class="msg_error sprite"></span>' + re.error);
            MyVar.refresh();
        } 

    },'json');
    MyVar.refresh();
    return stopDefault(event);
};

可能的解决方案：

发现这一点：<一href="http://$c$cigniter.com/forums/viewthread/102456/">http://$c$cigniter.com/forums/viewthread/102456/

显然，它不与阿贾克斯打出好成绩。一个解决办法是禁止会话更新，如果它是一个Ajax调用;唯一的问题是，我们的网站大多建有阿贾克斯......

Apparently it doesn't play well with ajax. One solution is to disallow session update if it is an ajax call; only problem is that our site is mostly built with ajax..

此外，刚刚下调sess_time_to_update的东西非常频繁和Ajax在做精。还做了浏览器刷新，并没有超时。不知道为什么，如果会话ID已经在Ajax调用和浏览器的cookies改变从来没有更新。

Also, just lowered the sess_time_to_update to something very frequent and ajax was doing fine. Also did a browser refresh and it did not timeout. Not sure why if the session ID has already changed upon an ajax call and browser cookies were never updated.

推荐答案

试试这个

<?php
/**
 * ------------------------------------------------------------------------
 * CI Session Class Extension for AJAX calls.
 * ------------------------------------------------------------------------
 *
 * ====- Save as application/libraries/MY_Session.php -====
 */

class MY_Session extends CI_Session {

    // --------------------------------------------------------------------

    /**
     * sess_update()
     *
     * Do not update an existing session on ajax or xajax calls
     *
     * @access    public
     * @return    void
     */
    public function sess_update()
    {
        $CI = get_instance();

        if ( ! $CI->input->is_ajax_request())
        {
            parent::sess_update();
        }
    }

}

// ------------------------------------------------------------------------
/* End of file MY_Session.php */
/* Location: ./application/libraries/MY_Session.php */

现在的问题是在会话类的sess_update功能，产生X秒后，一个新的SESSION_ID。每个页面有一个SESSION_ID，如果SESSION_ID到期的AJAX调用之前，该呼叫将失败。

The problem is in the sess_update function of the session class, that generates a new session_id after X seconds. Every page have a session_id, if the session_id expires before the ajax call is made, that call will fail.

在创建/应用/库的PHP文件/名为MY_Session（或任何preFIX设置），粘贴此code那里，仅此而已。 该功能将覆盖会话类的sess_update功能，检查每个请求，如果该请求被阿贾克斯取得，跳过sess_update功能。

Create a php file in /application/libraries/ with the name MY_Session (or whatever prefix you set), paste this code there and that is all. This function will override the sess_update function in the session class, checking on every request if that request was made by ajax, skipping the sess_update function.

它是一个坏主意设置sess_expiration在更高的价值。这是一个安全功能，将保护您免受会议hijaking

Its a bad idea set the sess_expiration at higher values. This is a security feature that will protect you against session hijaking

PD：我不是很流利的英语，如果你不明白的东西只是让我知道

PD: i'm not very fluent in english, if you dont understand something just let me know.

这篇关于codeigniter会议窃听用Ajax调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！