CodeIgniter Sessions versus PHP Sessions

I am relatively new to CodeIgniter and am doing my first CI project in which there are user accounts, etc. In the past, I have always used the PHP variable $_SESSION for this purpose. However, CI seems to have its own session mechanism, which it claims is “better”.

Does the CI session mechanism seem to store all the data in a cookie? Personally, I like the idea of all the data stored on the server that is accessed using a cookie, such as PHP’s own session mechanism. I find it stupid to think which is better? Should I just accept the CI mechanism? Or should I go ahead and use my own PHP sessions?

What are you guys doing?

Thanks,
Mala

+43
php codeigniter session
Jan 05
5 answers

In my experience with CI, I encountered some anomalies in its sessions, but for most everyday needs, the library is good and easy to use. As noted, Flashdata is a very nice feature.

If you decide to stay with CI sessions, I highly recommend storing the sessions in a database and, in addition, encrypting the cookies:

$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'sessions';

The database structure should be as follows:

CREATE TABLE IF NOT EXISTS `sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(50) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id)
);

+34
Jan 05 '10 at 12:45

The manual indicates more flexibility, not better ;-)

I assume that the main advantage of the CodeIgniter Session class is that it integrates with the framework and offers several additional features, such as IP address tracking and what it calls flashdata (session data that is deleted as soon as it is read). If you use the framework in the first place, this means that these options may be attractive to you.

Regardless, you can also save session data in a database:

http://codeigniter.com/user_guide/libraries/sessions.html

+8
Jan 05 '10 at 11:29

Save the PHP session for important information and use the CI session for less important information.

Read why here: http://codeigniter.com/forums/viewthread/130577/

+4
Jan 05 '10 at 2:30 p.m.

I know this is an older article, but I find it worth sharing what I found.

Since CI uses a cookie-based approach (even with a database repository), it causes a problem for my particular application that serves data for remote clients requesting data through curl. The bottom line is that Cookies and Cross Site Scripting, although manageable, do not play well together.

I decided to try to override the custom Session.php class provided by CI with my own MY_Session.php. I was glad to find that it was not too complicated, but was surprised to find that CI updates the session identifier, although my script explicitly provided them.

In accordance with CI guidelines:

Unique user session identifier (this is a statistically random string with very strong entropy, MD5 hashed for portability and restored (default) every five minutes)

Although I can probably find a way to override this, I wonder if it would be much easier to return to PHP sessions.

Just food for thought if you are going to use CI.

+1
May 7 '13 at 12:02

CI sessions have storage size limits

As you know, CI sessions are mainly cookies, regardless of whether you encrypt them or not. As for security, it has its pros and cons.

I was worried about the size limit for CI sessions. It can contain only 4 KB of data, since it is mainly a cookie, while the native PHP session only stores the reference identifier in a cookie, and all session data is stored in the server’s memory. This is useful when you need to store more items in a session.

Say, a shopping cart with lots of items or a user’s music playlist with more than 50 tracks, etc.

I hope this information helps someone.

Greetings .. !!

+1
Feb 15 '14 at 5:35
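
The two storage models compared in the answers above (all session data in the cookie, versus only an identifier in the cookie with the data in a `sessions` table), as an added PHP example that is not part of the thread and not CodeIgniter's own code. HMAC signing stands in here for CI's cookie protection; the key, function names and sample cart are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added illustration, not CodeIgniter's code. Key, names and data are constructed.
const COOKIE_LIMIT = 4096;                    // the 4 KB cookie limit discussed above
const HMAC_KEY     = 'constructed-demo-key';  // placeholder; load a real secret from config

// Model A: the whole session travels in the cookie, signed so edits are detected.
function cookie_session_encode(array $data): string
{
    $payload = base64_encode(json_encode($data));
    $cookie  = $payload . '.' . hash_hmac('sha256', $payload, HMAC_KEY);
    if (strlen($cookie) > COOKIE_LIMIT) {
        throw new LengthException('session needs ' . strlen($cookie) . ' bytes, cookie limit is ' . COOKIE_LIMIT);
    }
    return $cookie;
}

function cookie_session_decode(string $cookie): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2
        || !hash_equals(hash_hmac('sha256', $parts[0], HMAC_KEY), $parts[1])) {
        return null;                          // malformed or modified cookie
    }
    return json_decode(base64_decode($parts[0]), true);
}

// Model B: the cookie holds only a random id; the data stays in a server-side row.
function server_session_save(array &$table, array $data): string
{
    $id = bin2hex(random_bytes(20));          // 40 hex chars, fits session_id varchar(40)
    $table[$id] = ['last_activity' => time(), 'user_data' => json_encode($data)];
    return $id;
}

// Constructed sample: a shopping cart with 200 items.
$cart  = ['user_id' => 42, 'cart' => array_fill(0, 200, ['sku' => 'SKU-0000000', 'qty' => 1])];
$table = [];                                  // stands in for the `sessions` table
$id    = server_session_save($table, $cart);
echo 'server-side: cookie carries ', strlen($id), ' bytes, row holds ', strlen($table[$id]['user_data']), " bytes\n";
try {
    cookie_session_encode($cart);
} catch (LengthException $e) {
    echo 'cookie-only: ', $e->getMessage(), "\n";
}
// A cookie whose payload was changed after signing must fail verification.
$cookie  = cookie_session_encode(['user_id' => 42, 'role' => 'user']);
$altered = base64_encode(json_encode(['user_id' => 42, 'role' => 'admin'])) . strstr($cookie, '.');
echo 'original verifies: ', var_export(cookie_session_decode($cookie) !== null, true), "\n";
echo 'altered verifies:  ', var_export(cookie_session_decode($altered) !== null, true), "\n";
```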