Include a sessions folder? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Development (https://forum.codeigniter.com/forumdisplay.php?fid=6) +--- Forum: CodeIgniter 3.x (https://forum.codeigniter.com/forumdisplay.php?fid=17) +--- Thread: Include a sessions folder? (/showthread.php?tid=65453) |
Include a sessions folder? - cartalot - 06-13-2016 in application/config/config.php in the sessions section there is the line PHP Code: $config['sess_save_path'] = NULL; could this be changed to PHP Code: $config['sess_save_path'] = APPPATH.'/sessions'; and include a 'sessions' folder in the application? The problem is file sessions is the choice by default AND it works without setting the save path. Especially if you are developing and not closing and reopening your browser - sessions works perfectly without this set. I can appreciate the viewpoint that everyone should read every single line of the manual. But it seems like by just including one folder in application, and changing that one line - it would make it much easier for anyone trying to learn codeigniter and for people upgrading from CI 2. And if its not used then its just another empty folder like 'third_party'. Credit to @InsiteFX for helping people with this issue on the forum. RE: Include a sessions folder? - Narf - 06-14-2016 It can work without explicit configuration because there's a fallback to the session.save_path value from php.ini, which is way better than any empty directory that CI could have by default. What I refer to with the word "better" is security. RE: Include a sessions folder? - cartalot - 06-14-2016 If its not optimal to include a folder, then sessions should just be turned off by default. And add a couple of lines to the config with example paths for a session files folder. Even in the manual on the session library page there are no examples of how to do this. The huge problem is that sessions working half way without explicit configuration is much worse then not working at all. Because it 'works' it would be very easy for it not to be caught during development - and then have the issue arise after a site or app goes live. RE: Include a sessions folder? - skunkbad - 06-14-2016 (06-14-2016, 01:28 PM)cartalot Wrote: If its not optimal to include a folder, then sessions should just be turned off by default. And add a couple of lines to the config with example paths for a session files folder. Even in the manual on the session library page there are no examples of how to do this. All you'd accomplish by doing that is confuse people even more than they already are. Notice how many people posting in the forum do not read the documentation, and also how many people who know very little PHP. The way it is now is the best default configuration, and common to any framework. RE: Include a sessions folder? - Narf - 06-14-2016 (06-14-2016, 01:28 PM)cartalot Wrote: If its not optimal to include a folder, then sessions should just be turned off by default. It is Off by default and has never been On. (06-14-2016, 01:28 PM)cartalot Wrote: And add a couple of lines to the config with example paths for a session files folder. Even in the manual on the session library page there are no examples of how to do this. Examples for what exactly? A directory path that is almost guaranteed to exist and be usable? Unless you're the only user on the server, all such paths are inherently insecure. Unless you're suggesting a random path that the user would have to create, there is no viable example. The user guide has one job in this regard - to explain what you need to consider - and it already does that. RE: Include a sessions folder? - cartalot - 06-14-2016 (06-14-2016, 03:34 PM)Narf Wrote: It is Off by default and has never been On. i meant change this: $config['sess_driver'] = 'files'; to something like this $config['sess_driver'] = NULL; because - unless i'm missing something - sessions works without any changes to the config. (06-14-2016, 03:34 PM)Narf Wrote: Examples for what exactly? A directory path that is almost guaranteed to exist and be usable? A couple of examples of what typically would be in $config['sess_save_path'] . It does not need to cover all cases. Just some samples to help people get started. RE: Include a sessions folder? - Narf - 06-15-2016 (06-14-2016, 05:18 PM)cartalot Wrote:(06-14-2016, 03:34 PM)Narf Wrote: It is Off by default and has never been On. I don't see the point. If one loads the library without reading its documentation and not even looking at the config, it is very obvious that every other effort on our part is futile. (06-14-2016, 05:18 PM)cartalot Wrote:(06-14-2016, 03:34 PM)Narf Wrote: Examples for what exactly? A directory path that is almost guaranteed to exist and be usable? There is no "typical" would be value. It's a directory path, an absolute one (there's a warning for that in the config), and it has to be accessible ONLY by you. No such paths exist by default on any environment; the documentation shows how to create one. I don't know how else to explain this ... it's either "/foo/bar/" or nothing, and "/foo/bar/" helps nobody. RE: Include a sessions folder? - andrelupus1 - 02-14-2019 PHP.INI session.save_path = "/tmp" CONFIG.PHP CODEIGNITER $config['sess_save_path'] = '/tmp'; |