New to Code Igniter & $_SESSION? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: New to Code Igniter & $_SESSION? (/showthread.php?tid=38489) |
New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]Unknown[/eluser] Hi All, I have only been using CI for two days and I am struggling to see any real advantages apart from a better code structure. Today I have developed a basic user login system and it took a lot longer than it would just to do it in PHP. Another thing is, I normally use $_SESSION to store details of the logged in user however I can't seem to do this anymore? (Also is a bad from a security point of view to store these details there? if so, what way is better?) Below I have also provided some of the code I have developed today for the registration part of the user login system. Any feedback on this would be great. Register (Controller) Code: <?php Register (Model) Code: <?php Register (View) Code: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]WanWizard[/eluser] In CI you use the Sessions library instead of PHP's session management... New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]Unknown[/eluser] [quote author="WanWizard" date="1297297925"]In CI you use the Sessions library instead of PHP's session management...[/quote] Whats the advantage of doing so? New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]dark_lord[/eluser] You can refer to the documentation to further understand the session class. http://ellislab.com/codeigniter/user-guide/libraries/sessions.html New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]WanWizard[/eluser] @Richie Jenkins, There are several reasons for not using PHP's native sessions: - they are not secure (the session id is a simple non-encrypted cookie without any checks) - they are file based, and depending on the host config not always very secure (you can access other website's session files if not configured carefully) - they are file based, so you can't query them (for example to get the number of logged-in users) - they don't scale as well as a database does (not much of an issue in a single-server setup) and probably lots more. For me, the security issues alone are reason enough not to use them. New to Code Igniter & $_SESSION? - El Forum - 02-09-2011 [eluser]InsiteFX[/eluser] WanWizard, you can set the PHP Sessions to use a database. But you would need to write code yourself. InsiteFX |