+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Why CodeIgniter not using native session? (/showthread.php?tid=881)
Why CodeIgniter not using native session? - musicalangel - 01-25-2015
Greetings,
I start using CI when version 2.1.4 launch, soon i realize that, CI session library are using cookie(which store in client browser).
The question is, why using cookie?
Are cookie have many advantage than PHP native session?
Back into my collage ages, the web development bible always said, never trust cookie because it will cause security problems.
Until version 3.X, the session driver providing quite a lot of choices but no native session
is there a reason?
Hope development team can explain.
Thanks.
RE: Why CodeIgniter not using native session? - ivantcholakov - 01-25-2015
People make mistakes sometimes.
RE: Why CodeIgniter not using native session? - dmyers - 01-25-2015
I believe IIRC their session cookie had some kind of validation built in to make sure it wasn't modified. That said you are correct (just like vantcholakov said) it wasn't one of there best decisions. Only relying on the native session handler can present security issues if your not careful. CI3 will give you choices.
RE: Why CodeIgniter not using native session? - RobertSF - 01-25-2015
I don't know why that design decision was made, but fortunately, it's very, very easy to create a native session library. Here's a nice blog post that explains how. https://www.moreofless.co.uk/using-native-php-sessions-with-codeigniter/
RE: Why CodeIgniter not using native session? - musicalangel - 01-25-2015
(01-25-2015, 05:06 PM)RobertSF Wrote: I don't know why that design decision was made, but fortunately, it's very, very easy to create a native session library. Here's a nice blog post that explains how. https://www.moreofless.co.uk/using-native-php-sessions-with-codeigniter/
Thanks for the share, it not hard by googling the alternative solution.
I just wanna find out the philosophy of the session library
RE: Why CodeIgniter not using native session? - ivantcholakov - 01-25-2015
Oh, then you have to research why they did not like PHP4 native session, this is waste of time.
RE: Why CodeIgniter not using native session? - Narf - 01-26-2015
Huh ... I'm quite sure I wrote an answer to this yesterday. I guess I hit "Preview" instead of "Submit".
Long story short - I can give an educated guess about "why", but whoever made the decision is no longer involved with the project and it doesn't matter anyway. CI3 utilizes PHP's session handling features, so that's that.
RE: Why CodeIgniter not using native session? - musicalangel - 01-26-2015
(01-26-2015, 03:32 AM)Narf Wrote: Huh ... I'm quite sure I wrote an answer to this yesterday. I guess I hit "Preview" instead of "Submit".
Long story short - I can give an educated guess about "why", but whoever made the decision is no longer involved with the project and it doesn't matter anyway. CI3 utilizes PHP's session handling features, so that's that.
I know CI3 session driver have huge improvement, thanks for your great efforts.
But..., Can't you making fanboy a favor. please?
