CodeIgniter Forums
Confused about sessions - Printable Version



Confused about sessions - El Forum - 05-10-2009

[eluser]gunzour[/eluser]
Hi everyone, I'm relatively new to CodeIgniter so please bear with me. :) I've been trying to make heads or tails of CI's session support and the documentation is leaving me confused. So I have several questions:

- If I use CI's session class and configure it to store sessions in a database table, does this replace storing the user data in a cookie? Or is it stored in both places? The user guide doesn't seem to answer this.

- Does anyone know if the Native_session library at http://codeigniter.com/wiki/Native_session/ is compatible with the current version of CI? (It appears to be for CI 1.5)

- Any support for (or plans to support) storing CI session data in memcached?

- If I want to, can I just ignore CI's session class and use native PHP sessions directly?

- If I did this (used native PHP sessions directly), where would be the best place for me to place session_start()? In the constructor of a controller? In a "header" view? In a hook?

Thanks for your help. :)


Confused about sessions - El Forum - 05-10-2009

[eluser]Dam1an[/eluser]
When you use the database for sessions, only the default session data is stored on the client end (session_id, ip_address, user_agent and last_activity).
These are also stored in the database so they can be validated, along with all your userdata (which means you can store a lot more session data).

You can ignore CI sessions and use native PHP sessions ($_SESSION).
If you did, I would put session_start() in the index.php; another good place would be a pre_system hook.

Edit: Cleared a few things up that were causing confusion


Confused about sessions - El Forum - 05-10-2009

[eluser]TheFuzzy0ne[/eluser]
[quote author="gunzour" date="1241997867"]Hi everyone, I'm relatively new to CodeIgniter so please bear with me. :)[/quote]

Welcome to the CodeIgniter forums.

[quote author="gunzour" date="1241997867"]- If I use CI's session class and configure it to store sessions in a database table, does this replace storing the user data in a cookie? Or is it stored in both places? The user guide doesn't seem to answer this.[/quote]

A cookie will be stored, but the only data stored in the cookie is the session ID required by CodeIgniter to link the cookie to the session. In short, yes, the data will be kept in the database, and you will be able to have storage for about 65KB of data, as opposed to 4KB if the data was stored in a cookie.

[quote author="gunzour" date="1241997867"]- Does anyone know if the Native_session library at http://codeigniter.com/wiki/Native_session/ is compatible with the current version of CI? (It appears to be for CI 1.5) [/quote]

I don't know for sure, but to my knowledge, the sessions class still works the same as it was intended to. Apart from some bug fixes, it should work the same way. Please let us know. If it's not working, I might spend some time rewriting it.

[quote author="gunzour" date="1241997867"]- Any support for (or plans to support) storing CI session data in memcached?[/quote]

Not to my knowledge. I'm sure that if there's enough interest, someone may write a library for this purpose.

[quote author="gunzour" date="1241997867"]- If I want to, can I just ignore CI's session class and use native PHP sessions directly?[/quote]

Yes, so long as you ignore it in the sense that you simply don't load it at all.

[quote author="gunzour" date="1241997867"]- If I did this (used native PHP sessions directly), where would be the best place for me to place session_start()? In the constructor of a controller? In a "header" view? In a hook?[/quote]

I'd just throw it in the index.php file. :)

[quote author="gunzour" date="1241997867"]Thanks for your help. :)[/quote]

My pleasure.


Confused about sessions - El Forum - 05-10-2009

[eluser]gunzour[/eluser]
[quote author="TheFuzzy0ne" date="1241998802"]
A cookie will be stored, but the only data stored in the cookie is the session ID required by CodeIgniter to link the cookie to the session. In short, yes, the data will be kept in the database, and you will be able to have storage for about 65KB of data, as opposed to 4KB if the data was stored in a cookie.
[/quote]

OK. My impression from reading the docs was the same as what Dam1an wrote -- that it would be stored in both places and the data in the DB would be used to match/validate the data supplied in the cookie. I guess there is confusion over the difference between the session ID key and the actual session data. The data I would prefer to keep server-side and out of the view of the client.

[quote author="TheFuzzy0ne" date="1241998802"]
[quote author="gunzour" date="1241997867"]- Any support for (or plans to support) storing CI session data in memcached?[/quote]

Not to my knowledge. I'm sure that if there's enough interest, someone may write a library for this purpose.
[/quote]

I might be that someone, down the road. :) I think storing them in the DB will work for me for now, however.

[quote author="TheFuzzy0ne" date="1241998802"]
[quote author="gunzour" date="1241997867"]- If I want to, can I just ignore CI's session class and use native PHP sessions directly?[/quote]

Yes, so long as you ignore it in the sense that you simply don't load it at all.
[/quote]

Out of curiosity, if I do load it, what happens? Will it interfere with PHP's native sessions?

[quote author="TheFuzzy0ne" date="1241998802"]
I'd just throw it in the index.php file. :)
[/quote]

Oh good idea, I didn't think of that. :)


Confused about sessions - El Forum - 05-10-2009

[eluser]TheFuzzy0ne[/eluser]
You're right. It appears that the session class does indeed match the cookie to the database entry. I had no idea... That's quite strange, as I don't think there's any point in sending it to the browser and back again if the data is stored locally.


Confused about sessions - El Forum - 05-11-2009

[eluser]gunzour[/eluser]
[quote author="TheFuzzy0ne" date="1242010242"]You're right. It appears that the session class does indeed match the cookie to the database entry. I had no idea... That's quite strange, as I don't think there's any point in sending it to the browser and back again if the data is stored locally.[/quote]

Ah well, I will have to go back to using native PHP sessions then. I don't want the session data I am storing to be seen or potentially altered by the client.


Confused about sessions - El Forum - 05-11-2009

[eluser]Dam1an[/eluser]
[quote author="gunzour" date="1242071708"]
Ah well, I will have to go back to using native PHP sessions then. I don't want the session data I am storing to be seen or potentially altered by the client.[/quote]

CI sessions are encrypted, so they shouldn't be able to see/manipulate them (at least that's what the user guide leads me to believe)


Confused about sessions - El Forum - 05-11-2009

[eluser]TheFuzzy0ne[/eluser]
That's very true. I think the only way to decrypt that password within one's lifetime is to use the key you specify in the config.php. If you make the key itself a hash, then I doubt anyone would ever be able to guess it.


Confused about sessions - El Forum - 05-11-2009

[eluser]gunzour[/eluser]
Yes, you could encrypt them, but the whole thing seems unnecessarily complex. Why send the session data to the client, encrypted or not? There's no need.
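
Added example, not part of the original thread or of CodeIgniter: the native-session approach discussed above, started from index.php so that only an opaque session ID reaches the browser and all data stays in `$_SESSION` on the server. It assumes PHP 7.3+ and an HTTPS site; `start_native_session()`, `mark_logged_in()` and the `app_*` names are hypothetical.

```php
<?php
// Added example: place near the top of index.php, before CodeIgniter boots.
// Assumptions: PHP 7.3+ (array form of session_set_cookie_params), HTTPS.
// Function names and the 'app_*' keys are hypothetical.

function start_native_session(int $idleLimit = 1800): void
{
    // Take the session ID from the cookie only, never from the URL,
    // and refuse IDs that the server did not issue itself.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_name('app_sid');
    session_start();

    $now  = time();
    $last = $_SESSION['app_last_seen'] ?? $now;
    if ($now - $last > $idleLimit) {
        // Idle too long: drop the server-side data and issue a fresh ID.
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['app_last_seen'] = $now;
}

// Call after a successful login so an ID handed out before
// authentication cannot be reused for the authenticated session.
function mark_logged_in(int $userId): void
{
    session_regenerate_id(true);   // new ID, old session storage deleted
    $_SESSION['app_user_id'] = $userId;
}

start_native_session();
```

The cookie set here carries only the ID, so nothing stored under `$_SESSION` is visible to or editable by the client.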


Confused about sessions - El Forum - 05-29-2009

[eluser]jbawarren[/eluser]
So, then, how do the cookie and the session data match up if your session data exceeds 4k?