Showing posts from August, 2014

CI invalid session

Strange session behaviour

What does it look like?

Lately at work we ran into some strange behaviour: users were being logged out at irregular intervals. We were using the CodeIgniter PHP framework to develop a web application. We had noticed the problem earlier, but we could not reproduce it on purpose. It occurred randomly, and without a reliable way to trigger it the bug was almost impossible to debug. Then one day we found that if the screen with the map of the POI positions was refreshed repeatedly at intervals of a few seconds, the problem occurred far more often.

What was the problem?

The session had not expired, as we first assumed. Instead the session cookie was being cut short by about 10 to 20 characters (in CodeIgniter 2.x the Session library appends a hash to the cookie and destroys the session when the cookie no longer matches it, so every truncation looked like a logout). The culprit was xss_clean() in CodeIgniter's Security class, the method that is meant to prevent cross-site scripting. To be exact, the offender was the regular expression that tries to strip every on<event>= JavaScript handler attribute. The session cookie is opaque data, so sooner or later it contains that pattern purely by chance, which is why the logouts looked random. So if your generated cookie contained the substring "#### on SOMETHING=" it removed the part "SOMET
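The mechanism above, as a small Python model added to this page for illustration (it is not code from the post or from CodeIgniter). Assumptions: the regex is a simplified stand-in for CodeIgniter's on*= rule, not the real pattern; the cookie layout (base64 payload plus an HMAC over it) is invented here, whereas CodeIgniter 2.x uses serialized data plus an appended md5; the key is a constructed demo value. The `global_xss_filtering` flag mirrors CodeIgniter's config option of that name, which in 2.x runs xss_clean over every cookie value before the Session library reads its own cookie.

```python
"""Lossy sanitizer versus integrity-protected session cookie (added example).

Not code from the blog post or from CodeIgniter. The filter regex is a
simplified stand-in for the framework's on<event>= rule (assumption), and the
cookie format (base64 payload + HMAC) is our own, not CodeIgniter's.
"""
import base64
import hashlib
import hmac
import random
import re
from typing import Optional, Tuple

# Constructed demo key; a real deployment takes its secret from configuration.
DEMO_KEY = b"constructed-demo-key-not-a-secret"

# Simplified stand-in for an "on<event>=" stripping rule (assumption): removes
# 'on', one or more word characters, optional whitespace and the '='.
EVIL_ATTR = re.compile(r"on\w+\s*=", re.IGNORECASE)


def xss_clean_like(value: str) -> str:
    """Lossy sanitizer: drops anything that looks like an event-handler attribute."""
    return EVIL_ATTR.sub("", value)


def make_cookie(payload: bytes) -> str:
    """Encode an opaque session payload and append an HMAC over the encoded form."""
    encoded = base64.b64encode(payload).decode("ascii")
    mac = hmac.new(DEMO_KEY, encoded.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{encoded}.{mac}"


def read_cookie(cookie: str) -> Optional[bytes]:
    """Return the payload if the MAC verifies, else None (the 'logged out' path)."""
    encoded, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(DEMO_KEY, encoded.encode("utf-8"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return None
    try:
        return base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def find_triggering_payload(seed: int, size: int = 50,
                            limit: int = 200_000) -> Tuple[Optional[bytes], int]:
    """Draw random payloads until the sanitizer alters the resulting cookie.

    Models the post's observation: an opaque token eventually contains the
    filtered pattern by chance, so the failure looks random. size=50 leaves
    one '=' of base64 padding, which is what the pattern needs to match.
    Returns (payload, attempts), or (None, limit) if nothing hit within limit.
    """
    rng = random.Random(seed)
    for attempt in range(1, limit + 1):
        payload = bytes(rng.getrandbits(8) for _ in range(size))
        cookie = make_cookie(payload)
        if xss_clean_like(cookie) != cookie:
            return payload, attempt
    return None, limit


def session_from_request(raw_cookie: str, global_xss_filtering: bool) -> Optional[bytes]:
    """Two orders of operations for the same request cookie.

    global_xss_filtering=True mimics sanitizing every cookie value before the
    session layer sees it (the failing order): characters vanish, the MAC no
    longer matches, and the user is silently logged out. False verifies the
    untouched value; sanitize only the fields you render, never the token.
    """
    value = xss_clean_like(raw_cookie) if global_xss_filtering else raw_cookie
    return read_cookie(value)


if __name__ == "__main__":
    payload, attempts = find_triggering_payload(seed=2014)
    if payload is None:
        raise SystemExit("no triggering payload found")
    cookie = make_cookie(payload)
    damaged = xss_clean_like(cookie)
    print(f"hit after {attempts} random cookies, {len(cookie) - len(damaged)} chars lost")
    print("raw cookie verifies:     ", read_cookie(cookie) == payload)
    print("sanitized cookie verifies:", read_cookie(damaged) is not None)
```

The integrity check has to run on the cookie exactly as the browser sent it; any lossy transform applied first, an XSS filter included, turns a valid session into a rejected one, and the rate depends only on how often the pattern shows up in otherwise random data.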