CodeIgniter Forums
What happens to ci_seesion table when user logs out? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: What happens to ci_seesion table when user logs out? (/showthread.php?tid=64272)



What happens to ci_seesion table when user logs out? - behnampmdg3 - 02-02-2016

Hi;

I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?

The records still stay in ci_sessions table.

Thanks


RE: What happens to ci_seesion table when user logs out? - skunkbad - 02-02-2016

(02-02-2016, 07:21 PM)behnampmdg3 Wrote: Hi;

I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?

The records still stay in ci_sessions table.

Thanks

It depends. It doesn't sound like you created your authentication system. What are you using?


RE: What happens to ci_seesion table when user logs out? - kilishan - 02-02-2016

(02-02-2016, 07:21 PM)behnampmdg3 Wrote: I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?

IIRC, the Session library will periodically go through and clean up old sessions. This doesn't happen every time, but there is a small percent for it to happen on every page view. Or something similar.


RE: What happens to ci_seesion table when user logs out? - Narf - 02-03-2016

(02-02-2016, 07:21 PM)behnampmdg3 Wrote: Hi;

I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?

The records still stay in ci_sessions table.

Thanks

A well-designed authentication system would call session_destroy() on logout, in which case the session in use would be deleted.

Unfortunately, most devs don't do that and have a session running for all users, regardless of whether they're logged-in or not. In this case, a decent thing to do would be to call session_regenerate_id(true) on login/logout and that would at least replace the session ID when users' privileges are changed. Unfortunately, most devs don't do that either and you're left with what Lonnie said:

(02-02-2016, 08:40 PM)kilishan Wrote:
(02-02-2016, 07:21 PM)behnampmdg3 Wrote: I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?

IIRC, the Session library will periodically go through and clean up old sessions. This doesn't happen every time, but there is a small percent for it to happen on every page view. Or something similar.

That chance is exactly ini_get('session.gc_probability') / ini_get('session.gc_divisor'). Smile