CodeIgniter Forums

Full Version: Why CodeIgniter not using native session?
Greetings,

I started using CI when version 2.1.4 launched, and soon I realized that the CI session library uses a cookie (which is stored in the client's browser).

The question is, why use a cookie?

Do cookies have many advantages over PHP native sessions?

Back in my college days, the web development bible always said never to trust cookies because they will cause security problems.

Until version 3.X, the session driver provides quite a lot of choices but no native session. Is there a reason?

I hope the development team can explain.

Thanks.
People make mistakes sometimes.
I believe IIRC their session cookie had some kind of validation built in to make sure it wasn't modified. That said, you are correct (just like vantcholakov said), it wasn't one of their best decisions. Only relying on the native session handler can present security issues if you're not careful. CI3 will give you choices.
I don't know why that design decision was made, but fortunately, it's very, very easy to create a native session library. Here's a nice blog post that explains how. https://www.moreofless.co.uk/using-nativ...deigniter/
(01-25-2015, 05:06 PM)RobertSF Wrote: [ -> ]I don't know why that design decision was made, but fortunately, it's very, very easy to create a native session library. Here's a nice blog post that explains how. https://www.moreofless.co.uk/using-nativ...deigniter/

Thanks for sharing; it's not hard to find an alternative solution by googling.

I just wanna find out the philosophy of the session library Smile
Oh, then you have to research why they did not like PHP4 native sessions; this is a waste of time.
Huh ... I'm quite sure I wrote an answer to this yesterday. I guess I hit "Preview" instead of "Submit".

Long story short - I can give an educated guess about "why", but whoever made the decision is no longer involved with the project and it doesn't matter anyway. CI3 utilizes PHP's session handling features, so that's that.
(01-26-2015, 03:32 AM)Narf Wrote: [ -> ]Huh ... I'm quite sure I wrote an answer to this yesterday. I guess I hit "Preview" instead of "Submit".

Long story short - I can give an educated guess about "why", but whoever made the decision is no longer involved with the project and it doesn't matter anyway. CI3 utilizes PHP's session handling features, so that's that.

I know the CI3 session driver has huge improvements; thanks for your great efforts.

But... can't you do a fanboy a favor, please? Big Grin