Sessions
#1

elmne
Is there a way or class that can be used in CodeIgniter which supports PHP native sessions as well as database storage?

There seem to be two problems with using cookies for sessions:

- If the browser of the user has cookies disabled.
- The cookie can be modified, which requires validation using the CodeIgniter session database.

Can someone point out weaknesses of PHP native sessions?

Can PHP native sessions be spoofed too? And if so, can they be encrypted and also validated against the database?
#2

WanWizard
CodeIgniter's cookies are encrypted, so tampering with them is not going to be easy. The cookie contains the user's IP and User agent, which is checked as well, to protect against session hijacking.

If the browser has cookies disabled, you're in trouble. But who has these days? Most websites don't work without cookies.

The only solution for that is to pass the session id in the URL, which is what I assume you refer to when you talk about native sessions. Which means the session ID is visible for anyone, unless you encrypt that as well. You still have your IP and User Agent check.

It shouldn't be too difficult to modify the session library to use a session id from the URI instead of using the cookie.
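
The combination asked about in this thread (native PHP sessions, stored in a database, validated against the client's IP and User-Agent), as an added example that is not part of either post and is not CodeIgniter's own session library. The class name, table layout and SQLite file are assumptions.

```php
<?php
// Added example: assumes PHP 8 with pdo_sqlite; class, table and file names are hypothetical.
final class DbSessionHandler implements SessionHandlerInterface
{
    private string $fingerprint;   // hash of the client's IP and User-Agent

    public function __construct(private PDO $db, string $ip, string $userAgent)
    {
        $this->fingerprint = hash('sha256', $ip . '|' . $userAgent);
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (id TEXT PRIMARY KEY,
            fingerprint TEXT NOT NULL, data TEXT NOT NULL, last_seen INTEGER NOT NULL)');
    }
    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }
    public function read(string $id): string|false
    {
        $q = $this->db->prepare('SELECT fingerprint, data FROM sessions WHERE id = ?');
        $q->execute([$id]);
        $row = $q->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return '';               // unknown id: start with an empty session
        }
        if (!hash_equals($row['fingerprint'], $this->fingerprint)) {
            $this->destroy($id);     // id presented by a different client: drop the row
            return '';
        }
        return $row['data'];
    }

    public function write(string $id, string $data): bool
    {
        $q = $this->db->prepare('REPLACE INTO sessions VALUES (?, ?, ?, ?)');
        return $q->execute([$id, $this->fingerprint, $data, time()]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }
    public function gc(int $max_lifetime): int|false
    {
        return $this->db->exec('DELETE FROM sessions WHERE last_seen < ' . (time() - $max_lifetime));
    }
}
ini_set('session.use_only_cookies', '1');   // keep the session id out of the URL
$handler = new DbSessionHandler(new PDO('sqlite:' . sys_get_temp_dir() . '/sessions.sqlite'),
    $_SERVER['REMOTE_ADDR'] ?? '', $_SERVER['HTTP_USER_AGENT'] ?? '');
session_set_save_handler($handler, true);
session_start();
```

On a fingerprint mismatch the stored data is discarded and the request continues with an empty session, so the session contents are never returned to a different client. Binding to the IP also ends the session of a legitimate user whose address changes mid-session.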



