+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: Encrypted session BLOB? (/showthread.php?tid=66837)
Pages:
1
2
Encrypted session BLOB? - mikeV - 12-09-2016
Hi,
Installed CI 3.1.0 on the online server and the session data (BLOB in ci_sessions) seems to be encrypted, something like: 3zM_T6RPpROqB8aZm8Ek.......
On a local server (during development) it wasn't encrypted, it was something like that: _ci_last_regenerate|i:1478096011....
Any idea why this is happening?
The online server uses PHP 5.5.23 and MySQL 5.6.34.
Thanks
RE: Encrypted session BLOB? - Narf - 12-09-2016
Not caused by CI. Probably something like Suhosin is at work.
Why do you care? You're not supposed to read that data anyway.
RE: Encrypted session BLOB? - mikeV - 12-09-2016
I need to use it for cart remarketing, it's for an e-commerce site.
RE: Encrypted session BLOB? - mikeV - 12-09-2016
LE: Suhosin was encrypting it, in case someone else encounters the problem.
+1 Narf
RE: Encrypted session BLOB? - Narf - 12-09-2016
I don't think you get it ... There's no reliable way to read that data properly from "userland"; ONLY the PHP engine can do that. Even if it somehow works for you currently, that's a lucky dice roll, and it may break at any time.
If you think you "need" it, it's only because the data is already sitting there and you're looking for a shortcut to it. I know it's easy to fall into that trap, but it is a trap.
RE: Encrypted session BLOB? - mikeV - 12-09-2016
Ok, so what should I do? Duplicate the data to another database table?
RE: Encrypted session BLOB? - Narf - 12-09-2016
(12-09-2016, 09:48 AM)mikeV Wrote: Ok, so what should I do? Duplicate the data to another database table?
Something like that ... Depends on what you mean.
You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want. But the point is to avoid accessing the data in its serialized state.
RE: Encrypted session BLOB? - twistedpixel - 01-31-2017
(12-09-2016, 10:59 AM)Narf Wrote: ... You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want ...
Hi Narf,
Sorry to revive this thread but I came across it trying to figure out how to do exactly that. I'm struggling to figure out how to extend the database session driver so I can add a username field which would make it easier to confirm if someone is logged in, among other things. I had hoped to overwrite the write() function.
Is this possible? I've gone through the CI docs but this doesn't seem to be outlined. Any advice would be much appreciated.
RE: Encrypted session BLOB? - Narf - 01-31-2017
(01-31-2017, 10:23 AM)twistedpixel Wrote:(12-09-2016, 10:59 AM)Narf Wrote: ... You can even add more fields to the sessions table, so that it is tied to the session ID, if that's what you want ...
Hi Narf,
Sorry to revive this thread but I came across it trying to figure out how to do exactly that. I'm struggling to figure out how to extend the database session driver so I can add a username field which would make it easier to confirm if someone is logged in, among other things. I had hoped to overwrite the write() function.
Is this possible? I've gone through the CI docs but this doesn't seem to be outlined. Any advice would be much appreciated.
It's possible, but you don't really need to do that.
You only need to update the column while doing login, logout and then override CI_Session:
ess_regenerate() to carry over the value when regeneration happens.
RE: Encrypted session BLOB? - twistedpixel - 02-01-2017
(01-31-2017, 11:44 AM)Narf Wrote: It's possible, but you don't really need to do that.
You only need to update the column while doing login, logout and then override CI_Session:
It's always the simplest solution that I haven't thought of! Thanks, I appreciate it
Thanks for all your work on the CI project.