Welcome Guest, Not a member yet? Register   Sign In
Question about CodeIgniter 3rc2 Session_files_driver
#1

Hi;

I know the Session_files_driver has a Garbage Collector to delete old session files from the sessions system folder.

Never the less I just wondering if there is a way for the Session_files_driver to delete the old session file just after the session id has been regenerated.

I know the session security increase by regenerating the session id however by deleting the old session file more quickly will reduce even more the session fixation risk ( I think! ). That will also reduce the files count on the session folder.

I have that working fine on CodeIgniter 2 but now I am struggling figuring out about how to do the same thing with CodeIgniter 3rc2.

Thank you for yor help.
Reply
#2

If you're talking about the automatic ID regeneration - there's no way to do that, at least not currently.

If you're regenerating manually, then you can just do this: session_regenerate_id(TRUE).
Reply
#3

(This post was last modified: 02-05-2015, 06:30 PM by Mel9pr.)

(02-05-2015, 02:12 PM)Narf Wrote: If you're talking about the automatic ID regeneration - there's no way to do that, at least not currently.

If you're regenerating manually, then you can just do this: session_regenerate_id(TRUE).

Ok!

That means I have to build a custom session driver again. I was able to do that up to CI 3 but cant do it on CI 3 RC2.
Call me paranoid if you like but I prefer to get rid of the old session file as soon as the session id is regenerated. An easy thing to do on CI 3 with a custom session driver but not on CI 3 RC2.

What about this https://github.com/bcit-ci/CodeIgniter/c...31ae9b3f9d  should I need to fix that too?

Thank You for your response!
Reply
#4

No, this doesn't depend on the driver and therefore you don't need a custom driver to do that. I'll probably add a config option for it anyway.

As for the commit link ... I don't understand what you mean. The commit itself is a fix.
Reply
#5

(02-06-2015, 03:23 AM)Narf Wrote: No, this doesn't depend on the driver and therefore you don't need a custom driver to do that. I'll probably add a config option for it anyway.

As for the commit link ... I don't understand what you mean. The commit itself is a fix.

Sorry for my bad English skills. I will apply the commit fix on my site right now.

Thank You for your support!
Reply
Reply
#7

(02-07-2015, 10:32 AM)Narf Wrote: https://github.com/bcit-ci/CodeIgniter/c...f6b97436c7

Again, Thank You for your great support!

I will apply that commit fix on my site for sure. The image controller I get from the old ElisLab forum is generating an unexpected behavior with the CI3 Rc2`s  Session_files_driver. Because of that I am getting a lot of unnecessary session files that cause tons of trash on the session folder. On CI3 (developer version) the image controller cause no problem but on CI3 Rc2 the Session_files_driver go on "overdrive mode" due to the image controller. To give you and idea if I access a page with 10 images to display the Session_files_driver produce about 11 session files at the same time (per user/per page request). But that is another topic.

Thanks!
Reply




Theme © iAndrew 2016 - Forum software by © MyBB