+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=22)
+--- Thread: CI sessions - where is user data saved? (/showthread.php?tid=59248)
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]moot[/eluser]
Hi,
I am using the CI default session library with "save in DB" switched on.
I wonder where CI stores user data saved via with ...->session->set_userdata()? In the DB only
or in the DB as well as in the cookie?
Although it wouldn't matter from a security prespective to save even data such as "is_logged_in" in the cookie, because the cookie data gets matched against the data in the db, it doesn't feel good.
Thanks.
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]ortwin.van.vessem[/eluser]
Hi Moot,
When you enable to save the session data in the database the userdata() will be saved in the database. The cookie only holds the session ID.
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]moot[/eluser]
Thanks for your answer@ortwin..
No, the cookie also holds, for instance, the user agent.
If it wasn't like that, I wouldn't be so suspicious about where CI actually saves user data ...
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]ortwin.van.vessem[/eluser]
Hi Moot,
I read your question to fast, I thought you asked the community where CI stores the userdata when parameter sess_use_database is enabled in the config.php.
To be more precise. The following data is stored in a CI Cookie when the parameter sess_use_database = TRUE:
Code:
[array]
(
'session_id' => random hash,
'ip_address' => 'string - user IP address',
'user_agent' => 'string - user agent data',
'last_activity' => timestamp
)If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie, making the data highly secure and impervious to being read or altered by someone. The Session class will take care of initializing and encrypting the data automatically.
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]moot[/eluser]
[quote author="ortwin.van.vessem" date="1378843719"]Hi Moot,
I read your question to fast, I thought you asked the community where CI stores the userdata when parameter sess_use_database is enabled in the config.php.
To be more precise. The following data is stored in a CI Cookie when the parameter sess_use_database = TRUE:
Code:
[array]
(
'session_id' => random hash,
'ip_address' => 'string - user IP address',
'user_agent' => 'string - user agent data',
'last_activity' => timestamp
)If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie, making the data highly secure and impervious to being read or altered by someone. The Session class will take care of initializing and encrypting the data automatically.[/quote]
Thanks for your answer!
Ok, but that is all data that will be stored in the cookie - no user data? Am getting you right?
CI sessions - where is user data saved? - El Forum - 09-10-2013
[eluser]ortwin.van.vessem[/eluser]
This is all the data that will be stored in the local cookie when you enable the option to save the session userdata in the database which is not enabled by default.
The local cookie will then be used to determine if the session_id valid against the data in the database.
Keep in mind that you will need to delete your cookie if you are working in a development environment where you first stored the userdata in the cookie.
To delete the cookie execute the following function
Code:
$this->delete_cookie('cookie_name');