CodeIgniter Forums
Will codeigniter delete old sessions with dynamic expiration? - Printable Version




Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Sandro87[/eluser]
Let's say the static configuration has this
Code:
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;

but you dynamically set a session cookie to last longer if the user has set a "remember me" feature inside your app

Code:
if ($this->input->post('remember_me')) {
    $this->session->sess_expiration = 0;
}

Exploring the Session class I noticed this code inside _sess_gc()

Code:
$expire = $this->now - $this->sess_expiration;

$this->CI->db->where("last_activity < {$expire}");
$this->CI->db->delete($this->sess_table_name);

If $this->session_expiration comes from the global config, wouldn't this mean that sessions manually set to never expire will eventually get deleted by the garbage collector, thus making your "remember me" feature useless?

Do you know another way to keep using dynamic expiration, with the GC deleting only sessions that have actually expired? Do I need to extend with custom classes?
Or do you think it's best practice to create a custom session/cookie class dedicated to persistent login?
I thought since the session is already there (and secure), why not use it? It's basically GC that can ruin everything.


Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]InsiteFX[/eluser]
I just use a remember me cookie and always destroy the sessions on browser close.

If the cookie exists on the client system then I log the user back in.



Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Harold Villacorte[/eluser]
Have you tried dynamically changing the [sess_table_name] and using a separate table for "remember me" data?


Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Sandro87[/eluser]
[quote author="Harold Villacorte" date="1360002657"]Have you tried dynamically changing the [sess_table_name] and using a separate table for "remember me" data?[/quote]

I haven't tried that but I guess I'm just gonna develop a standalone method with cookies while still using the built-in sessions.


Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Harold Villacorte[/eluser]
Just so we are both clear on what I meant, I was talking about something like this:
Code:
if ($this->input->post('remember_me')) {
    $this->session->sess_table_name = 'ci_sessions_remember';
    $this->session->sess_cookie_name = 'ci_session_remember';
    $this->session->sess_expiration = 0;
    $this->session->set_userdata('set_persistent_data_here');
}
CI won't know anything about this table until you run that code. You can also dynamically change config array items like this:
Code:
$this->config->set_item('item_name', 'item_value');
Cheers.


Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Sandro87[/eluser]
Yes, I got it, but since I have to develop some code anyway to act on the new table, I'll just use cookies and connect them internally to standard sessions.

Basically a "login token" method.
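
One way the "login token" approach from the post above could look, as an added example that is not code from any poster or from CodeIgniter: the cookie carries a selector and a random secret, only a hash of the secret is stored, each token is single use, and cleanup goes by the token's own expiry, so ordinary sessions can keep the static sess_expiration that _sess_gc() purges by. The class, constant and sample values are hypothetical, and the array stands in for a database table.

```php
<?php
// Added example: all names are hypothetical; the array stands in for a DB table.
const REMEMBER_TTL = 1209600; // 14 days, an assumed lifetime

final class LoginTokenStore
{
    private array $rows = []; // selector => [user_id, hash, expires]

    // The returned string goes in the cookie; only a hash of the secret is stored.
    public function issue(int $userId, int $now): string
    {
        $selector  = bin2hex(random_bytes(9));
        $validator = bin2hex(random_bytes(32));
        $this->rows[$selector] = [
            'user_id' => $userId,
            'hash'    => hash('sha256', $validator),
            'expires' => $now + REMEMBER_TTL,
        ];
        return $selector . ':' . $validator;
    }
    // Returns [userId, replacementCookie] on success, null otherwise.
    public function redeem(string $cookie, int $now): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->rows[$parts[0]])) {
            return null;
        }
        $row = $this->rows[$parts[0]];
        unset($this->rows[$parts[0]]); // single use, whatever the outcome
        if ($row['expires'] < $now
            || !hash_equals($row['hash'], hash('sha256', $parts[1]))) {
            return null;
        }
        return [$row['user_id'], $this->issue($row['user_id'], $now)];
    }
    // Cleanup uses each token's own expiry, not the global session lifetime.
    public function gc(int $now): int
    {
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn($r) => $r['expires'] >= $now);
        return $before - count($this->rows);
    }
}

$store  = new LoginTokenStore();
$now    = 1360000000; // constructed timestamp
$cookie = $store->issue(42, $now);
[$uid, $next] = $store->redeem($cookie, $now + 86400);
var_dump($uid === 42, $store->redeem($cookie, $now + 86400) === null);
```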


Will codeigniter delete old sessions with dynamic expiration? - El Forum - 02-04-2013

[eluser]Harold Villacorte[/eluser]
Well, I have no idea what your application looks like, but I do believe what I am suggesting is an easy and secure way of creating a new cookie. Cheers eh.