Posts

Showing posts from August, 2014

Unexpected Session Logout Issue in CodeIgniter: A Case Study

The Problem

Recently, at work, we encountered a puzzling issue with our web application, which was built using the CodeIgniter PHP framework. Users were being logged out unexpectedly, and the logout behavior was irregular and hard to predict. Although we noticed this problem early on, it was difficult to reproduce consistently, making debugging a challenge. The issue seemed random, but we eventually observed that it occurred more frequently when the screen displaying a map of POI (Points of Interest) positions was refreshed at short intervals, such as every few seconds.

What Was the Cause?

Initially, we suspected the session was expiring prematurely. However, upon closer inspection, we discovered that the session cookie was being truncated—losing about 10 to 20 characters. This led us to investigate the CodeIgniter Security class, specifically the xss_clean function, which is designed to prevent cross-site scripting (XSS) attacks. The root cause was a regular expression within xss_cle