flash_data safety - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: flash_data safety (/showthread.php?tid=31347)
flash_data safety - El Forum - 06-17-2010

WanWizard:

It has the option (out of the box) to use the database for sessions. You just can't make it default because that requires a database connection and a sessions table, for which you have to do some configuration work. While you're at it, enabling database sessions is modifying 2 config lines extra. Big deal.

I personally don't see the advantage of native sessions. I get one database SELECT and one database UPDATE per page request, both taking 0.001 second. I can easily scale my web frontend without having to worry about native session sharing across webservers. I also use the session table to get statistics about logged in users (how many, how long, idle time, etc.) which is much easier to do with a database table than with native sessions.

flash_data safety - El Forum - 06-17-2010

cahva:

Every vhost should have its own directory for sessions (usually their own tmp dir) so this sharing across webservers is not a problem (hasn't been for years).

I meant that by default, CI should use native sessions, not cookies. Native sessions are secure and they work very nicely. Using cookies for session data is just dumb. I don't know what mushrooms CI devs have eaten when they decided to disregard native session and go for the cookies instead..

flash_data safety - El Forum - 06-17-2010

Burak Guzel:

Derek explains a bit in the comments here: http://www.derekallard.com/blog/post/enhanced-codeigniter-session-library/

But yeah, I have to disagree with this implementation. Native sessions, which many programmers are used to, have a certain level of security. The default setup of the session library takes that away.
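
Added example, not part of any post in this thread and not the project's own code: the cookie-only session setup the posters criticise beside a database-backed one. The key names are assumed from the CodeIgniter 1.7-era Session library config; the values and the encryption key placeholder are constructed.

```php
<?php
// application/config/config.php, session section.
// Key names assumed from the CodeIgniter 1.7-era Session library; values are constructed.

// Cookie-only storage (the default setup discussed in the thread):
// every userdata item, flashdata included, is sent to the browser in the cookie.
// $config['sess_encrypt_cookie'] = FALSE;  // cookie payload is readable by the client
// $config['sess_use_database']   = FALSE;  // nothing is kept server-side

// Database-backed storage:
$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;           // session lifetime in seconds
$config['sess_use_database']    = TRUE;           // userdata and flashdata stay in the table
$config['sess_table_name']      = 'ci_sessions';  // table must be created beforehand
$config['sess_encrypt_cookie']  = TRUE;           // requires a non-empty encryption_key
$config['encryption_key']       = 'REPLACE_WITH_RANDOM_KEY'; // placeholder, not a real key
$config['sess_match_useragent'] = TRUE;           // reject the session if the user agent changes
$config['sess_time_to_update']  = 300;            // regenerate the session id every 5 minutes
```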