Solution To Session Timing Out Intermittently

A month back I had written about why your session might not be setting, even though you had set every thing as per the book. This time I am writing about a new problem that I faced with sessions.

The Problem

I recently faced a problem, where for some reason website would not remember session data for some users. They Log in, get to the home page, but the moment they click any other link they are logged out and taken back to login page.

Interesting thing is, this happens for both Firefox and Internet Explorer.

When I used the users credentials I was able to log in perfectly on my machine. When I passed him my credentials to try, and it failed on his machine.

I have faced this problem with both Joomla and Codeigniter framework.

Initially we thought it would be a problem with  just his browser’s cookie setting, so we got him to reduce the web browsers security setting to low, So that it allows for cookie acceptance.  As it turns out, it was not the problem with cookies either.

My Solution

In both (Joomla and Codeigniter) the problem came down to one thing “IP Address”.

We had set for Codeigniter to match the IP address for session requests(it happens by default in Joomla). My stupid assumption was that IP Address will not change between requests, but as it turns out for some of these users, IP address does change in between two requests.

We had used this technique as a way to avoid hackers from hijacking users session.

Anyways the moment we disabled the IP address check, sessions started working for them properly.

So, next time you have a problem with your session breaking in between for no apparent reason, remember to verify IP Address check.

Have you faced this problem? Let us know how did you solve it in comments below.

3 thoughts on “Solution To Session Timing Out Intermittently

  1. Also got problems checking IP in Session, switched to validate User-Agent does not change.
    Not a 100% secure solution but preventing simple hijacking actions.

  2. Hi,
    same issue I am facing in joomla. you are right in my case IP is changing, so do you mean I need to remove the IP check in the function. sessionCookieValue or is there any other think I need to do , to make it work.


  3. Hello ,
    I am also facing same sort of problem but in wordpress blog so i dont know where is ip checking function located in wordpress can ur solution be same for wordpress as itis for joomla. pls reply ASAP

Comments are closed.