Skip to content
Advertisement

Avoid session timeout reset when sending ajax request

Is it possible to tell codeigniter to skip session timeout reset if post request is coming via ajax to a particular controller function. I have a frequent ajax call inside user login dashboard to check something, but these calls keeps the session alive so even if the user stays inactive for 10 minutes (sess_expiration time) session wont be killed and they still remain logged in for ever.

Advertisement

Answer

If (and only IF) your Ajax call is completely session-agnostic (that is, it doesn’t required to be logged in to run, it doesn’t need any session data from the user, etc) you could serve the Ajax request from a separate ajax-specific controller and then inhibit the session library autoload when that specific controller is used.

If the ajax call requires a logged in user you’re mostly out of luck.

However, if you meet these conditions, find the $autoload['libraries] section in application/config/autoload.php and use this dirty hack:

// Here, an array with the libraries you want/need to be loaded on every controller
$autoload['libraries'] = array('form_validation');

// Dirty hack to avoid loading the session library on controllers that don't use session data and don't require the user to have an active session
$CI =& get_instance();
// uncomment the one that fits you better
// Alternative 1: you only have a single controller that doesn't need the session library
// if ($CI->router->fetch_class() != 'dmz') array_push($autoload['libraries'], 'session');
// END alternative 1

// Alternative 2: you have more than one controller that doesn't need the session library
// if (array_search($CI->router->fetch_class(), array('dmz', 'moredmz')) === false) array_push($autoload['libraries'], 'session');
// END alternative 2

In the above code, dmz and moredmz are my two imaginary controller names that require the session library to not be loaded. Whenever these are NOT used, the session library is pushed into autoload and thus loaded. Otherwise, the session library is ignored.

I actually have this running on one of my sites in order to allow the health checks from my loadbalancer to run (once every 5 seconds on each application server, from both the primary loadbalancer and its backup) and fill up my sessions table with useless data and works like a charm.

Not sure what version of CI you’re using, but the above code is tested on CI 3.1.11.

Now, as you state the Ajax call requires the session driver, the only way around this would be to mess a little with the Session driver itself. In 3.1.11, the session driver is located in system/libraries/Session/Session.php and the part you’d need to change is the final part of the constructor method (look from line 160 onwards). For this example, I’ll assume your Ajax calls are handled by a specific controller called “Ajax”

// This is from line 160 onwards
elseif (isset($_COOKIE[$this->_config['cookie_name']]) && $_COOKIE[$this->_config['cookie_name']] === session_id())
        {
            $CI =& get_instance();
            $new_validity = ($CI->router->fetch_class() !== 'ajax') ? time() + $this->_config['cookie_lifetime'] : $_SESSION['__ci_last_regenerate'] + $this->_config['cookie_lifetime'];

            setcookie(
                $this->_config['cookie_name'],
                session_id(),
                (empty($this->_config['cookie_lifetime']) ? 0 : $new_validity),
                $this->_config['cookie_path'],
                $this->_config['cookie_domain'],
                $this->_config['cookie_secure'],
                TRUE
            );
        }

        $this->_ci_init_vars();

        log_message('info', "Session: Class initialized using '".$this->_driver."' driver.");

In a nutshell, this example (haven’t tested it so please do before deploying it, it may have a typo or two) will first instantiate the CI core and get the controller name from the Router. If it’s a regular controller, it’ll determine the new cookie validity as “now plus the cookie validity from the config”. If it’s the ajax controller, the cookie validity will be the same as the current validity (last regeneration time plus cookie validity.. had to reiterate it as the ternary operator requires it)

Afterwards, the setcookie is modified to use the pre-computed cookie validity depending on what the _config['cookie_lifetime'] value is.

User contributions licensed under: CC BY-SA
2 People found this is helpful
Advertisement