CodeIgniter Forums
Session is only saved into cookie? - Printable Version




Session is only saved into cookie? - El Forum - 01-30-2008

[eluser]No0oB[/eluser]
Hey guys.
First of all I have to say that I am not that experienced with frameworks, however I just LOVE this one. You did a tremendous job on creating CodeIgniter.
I have made some stuff with it already and keep developing tons of modules and so on. I have not had a single issue yet, due to the very structured and detailed user guide.

However, I have one question remaining.

When using Sessions, are they only saved in cookies?

I have had a report that the session is not working once you do not accept cookies by default.
Is there a setting I have not seen yet or is it normal?

I mean, I do get the reason why you would do it, since you sort of "abolished" the $_SESSION array. However, I don't get why I would be using the feature to save the session into the database when the data is saved into the cookie.

Any advice?

Thanks in advance.


Session is only saved into cookie? - El Forum - 01-30-2008

[eluser]Pascal Kriete[/eluser]
Right now the information in the database is only used for session validation. I think I read a post by Derek (one of them) that this may change in the next release. Until then one of [url="http://codeigniter.com/wiki/Category:Libraries::Session/"]these[/url] might work.


Session is only saved into cookie? - El Forum - 01-30-2008

[eluser]Aea[/eluser]
The current session class is really unappealing to me right now, the notion of storing a session as a pure cookie seems very much like trying to reinvent something which already works at a very high level and failing miserably. In fact, it's probably the only session that I really wouldn't use out of the box, ever. I'm using native session (see the link that Inparo provided) library right now and I'm loving it. It's basically a regular PHP session with the exception that it seamlessly rotates cookie IDs, which is important in preventing session fixation. I am quite used to using $_SESSION instead of $this->session->function() as well. Native session also implements flashdata, but I'm not finding that extremely useful right now, it's a feature I could live without.


Session is only saved into cookie? - El Forum - 01-31-2008

[eluser]Unknown[/eluser]
Storing sessions in cookies isn't necessarily a bad thing. If done correctly (securely) there are actually benefits.

You'll notice that Ruby on Rails recently changed to a cookie-based session as its default. They fleshed it out really well with regards to features and security, read about some of that here:

Rails 2.0 Cookie session store and security

Their reasons for doing so share many of the same reasons it's done like this for CodeIgniter. That being said, however, I really wish CI would implement options. So you could easily choose between cookie, db, etc. sessions in the config file. Hopefully that will come in CI 1.7.
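
The point in the post above, that a cookie-stored session is workable when it is done securely, as an added example that is not part of this thread and is not CodeIgniter's or Rails' own code: the server signs the cookie payload with an HMAC and rejects anything modified or expired. The function names, the TTL and the sample data are hypothetical.

```php
<?php
// Added illustration: integrity-protected cookie session payload.
// seal_session/open_session, SESSION_TTL and the sample data are hypothetical names and values.
// The payload is signed, not encrypted: the client can read it but cannot change it undetected.

const SESSION_TTL = 7200; // seconds a sealed payload stays valid (assumed value)

function seal_session(array $data, string $key, int $now): string {
    $claims  = ['exp' => $now + SESSION_TTL, 'data' => $data];
    $payload = base64_encode(json_encode($claims));
    // '.' never occurs in base64 or hex, so it is a safe separator.
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function open_session(string $cookie, string $key, int $now): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;                                  // malformed cookie
    }
    [$payload, $mac] = $parts;
    // Verify the MAC before decoding anything; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;                                  // payload or MAC was altered
    }
    $json = base64_decode($payload, true);
    $claims = $json === false ? null : json_decode($json, true);
    if (!is_array($claims) || !isset($claims['exp'], $claims['data'])) {
        return null;
    }
    if (!is_int($claims['exp']) || $claims['exp'] < $now) {
        return null;                                  // expired payload
    }
    return is_array($claims['data']) ? $claims['data'] : null;
}

// Constructed sample run.
$key    = random_bytes(32);   // server-side secret, never sent to the client
$now    = time();
$cookie = seal_session(['user_id' => 42, 'role' => 'member'], $key, $now);
var_dump(open_session($cookie, $key, $now));                      // untouched cookie

// A client-edited payload that reuses the old MAC is rejected.
[, $oldMac] = explode('.', $cookie);
$edited = base64_encode(json_encode(
    ['exp' => $now + SESSION_TTL, 'data' => ['user_id' => 42, 'role' => 'admin']]
)) . '.' . $oldMac;
var_dump(open_session($edited, $key, $now));                      // altered payload
var_dump(open_session($cookie, $key, $now + SESSION_TTL + 1));    // after expiry
```

A signed cookie still cannot be revoked server-side before it expires; a database-backed check of the kind mentioned earlier in the thread is what provides that.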