Welcome Guest, Not a member yet? Register   Sign In
Encrypted session BLOB?
#1

Hi, 
Installed CI 3.1.0 on the online server and the session data (BLOB in ci_sessions) seems to be encrypted, something like: 3zM_T6RPpROqB8aZm8Ek.......
On a local server (during development) it wasn't encrypted, it was something like that: _ci_last_regenerate|i:1478096011....

Any idea why this is happening?

The online server uses PHP 5.5.23 and MySQL 5.6.34.

Thanks
Reply
#2

Not caused by CI. Probably something like Suhosin is at work.

Why do you care? You're not supposed to read that data anyway.
Reply
#3

I need to use it for cart remarketing, it's for an e-commerce site.
Reply
#4

LE: Suhosin was encrypting it, in case someone else encounters the problem.
+1 Narf
Reply
#5

I don't think you get it ... There's no reliable way to read that data properly from "userland"; ONLY the PHP engine can do that. Even if it somehow works for you currently, that's a lucky dice roll, and it may break at any time.

If you think you "need" it, it's only because the data is already sitting there and you're looking for a shortcut to it. I know it's easy to fall into that trap, but it is a trap.
Reply
#6

Ok, so what should I do? Duplicate the data to another database table?
Reply
#7

(12-09-2016, 09:48 AM)mikeV Wrote: Ok, so what should I do? Duplicate the data to another database table?

Something like that ... Depends on what you mean.

You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want. But the point is to avoid accessing the data in its serialized state.
Reply
#8

(12-09-2016, 10:59 AM)Narf Wrote: ... You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want ...

Hi Narf,

Sorry to revive this thread but I came across it trying to figure out how to do exactly that. I'm struggling to figure out how to extend the database session driver so I can add a username field which would make it easier to confirm if someone is logged in, among other things. I had hoped to overwrite the write() function.

Is this possible? I've gone through the CI docs but this doesn't seem to be outlined. Any advice would be much appreciated.
Reply
#9

(01-31-2017, 10:23 AM)twistedpixel Wrote:
(12-09-2016, 10:59 AM)Narf Wrote: ... You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want ...

Hi Narf,

Sorry to revive this thread but I came across it trying to figure out how to do exactly that. I'm struggling to figure out how to extend the database session driver so I can add a username field which would make it easier to confirm if someone is logged in, among other things. I had hoped to overwrite the write() function.

Is this possible? I've gone through the CI docs but this doesn't seem to be outlined. Any advice would be much appreciated.

It's possible, but you don't really need to do that.

You only need to update the column while doing login, logout and then override CI_Session:Confusedess_regenerate() to carry over the value when regeneration happens.
Reply
#10

(01-31-2017, 11:44 AM)Narf Wrote: It's possible, but you don't really need to do that.

You only need to update the column while doing login, logout and then override CI_Session:Confusedess_regenerate() to carry over the value when regeneration happens.

It's always the simplest solution that I haven't thought of! Thanks, I appreciate it Smile

Thanks for all your work on the CI project.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB