[FIXED] SESSION variable is reset on redirect() in Codeigniter php

Issue

I am facing some weird issue of session variable getting reset on action redirect.

I am using Codeigniter and redirecting to dashboard action after login, I am getting data in login action after verifying credentials with DB, but when I use redirect() to redirect to dashboard, session variables gets vanished.

Admin.php

<?php class admin extends CI_Controller 
{
    function login()
    {
        $login = $this->Admin_model->login($this->input->post()); // <-- verify data and set to session
        if($login)
        {
            $this->session->set_flashdata("success","Logged in Successfully");
            var_dump($_SESSION); // <-- able to fetch data from session
            // exit();
            redirect("admin/dashboard");
        }
        else
        {
            $this->session->set_flashdata("error","Invalid Credentials!! Please Try Again!!");
            redirect("admin");
        }
    }

    function dashboard()
    {
        var_dump($_SESSION); // <-- session data is vanished and not able to get userdata('id')
        exit();
        if($this->session->userdata('id') != '')
        {
            $data['active_tab'] = "dashboard";
        }
        else
        {
            redirect("admin");
        }
    }
?>

Admin_model.php

<?php Class Admin_Model extends CI_Model
{
    function login($data)
    {
        $user = $this->db->get_where("users",array("username" => $data['username'],
                                     "password" => md5($data['password']),
                                     "is_active" => "1")
                                    )->row_array(); 
        if(!empty($user))
        {
            $this->set_user_session($user);
            return true;
        }
        else
        {
            return false;
        }
    }

    function set_user_session($login)
    {
        $arr = array();
        $arr["id"] = $login["id"];
        $arr["username"] = $login["username"];
        $this->session->set_userdata($arr);
    }
?>

Tried this in xampp and wamp, all browsers but still the issue remains the same, any help would be grateful.

Solution

Which version of CodeIgniter are you working with? You can try the following steps.

1. Go to system/libraries/Session/Session.php
2. Comment session_start() by adding //. We want to relocate the sessionn_start().
3. Find (using ctrl + f) a comment that says Security is king. Comment out all the line under that comment until the end of the function. In my case I commented out the line number 315 - 320.
4. on line number 282 change this line ini_set('session.name', $params['cookie_name']); to ini_set('session.id', $params['cookie_name']);

5. comment out following lines

   line 108 //session_set_save_handler($class, TRUE); line 290-296 // session_set_cookie_params( // $params['cookie_lifetime'], // $params['cookie_path'], // $params['cookie_domain'], // $params['cookie_secure'], // TRUE // HttpOnly; Yes, this is intentional and not configurable for security reasons // ); line 305 //ini_set('session.gc_maxlifetime', $expiration);

6. Go to the main index.php, it is the first index.php and located in the same directory with the sub-directories 'application', 'system', 'user_guide', etc.
7. Put session_start() right after < ?php

Hope this can help you....

Answered By - Pyae Phyo Aung