+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Session match IP (/showthread.php?tid=9326)
Session match IP - El Forum - 06-21-2008
[eluser]Nial[/eluser]
I noticed these two settings in config.php:
Code:
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;I have set my sessions to never expire, and don't require users to login. Obviously, this is not standard practice, but it's perfect for my situation. Now, my question: is it work setting sess_match_ip to TRUE? I take it this means that session with the same IP will share database rows?
Is matching the useragent better, in this case?
Session match IP - El Forum - 06-22-2008
[eluser]Seppo[/eluser]
Session with same IP should not share database rows.
When you set either to true, CI will match the previous data with the current one, so if you have an IP now, and try to use the same session later from other IP (lets say you are using a notebook and you connect at your work and then in your home) it will fail matching the IP and then a new session will be created.
User agent does the same thing... just matches it to check you are the same guy that was using the session before and it is not a session hijacking.