Welcome Guest, Not a member yet? Register   Sign In
Session is only saved into cookie?
#1

[eluser]No0oB[/eluser]
Hey guys.
First of all I have to say that I am not that experienced with frameworks, however I just LOVE this one. You did a tremendous job on creating CodeIgniter.
I have made some stuff with it already and keep developping tons of modules and so on. I have not had a single issue yet, due to the very structured and detailed user guide.

However, I have one question remaining.

When using Sessions, are they only saved in cookies?

I have had a report, that the session is not working, once you do not accept cookies by default.
Is there a setting I have not seen yet or is it normal?

I mean, I do get the reason, why you would do it, since you sort of "abolished" the $_SESSION-Array. However, I don't get why I would be using the feature to save the session into the database, when the data is saved into the cookie.

Any advice?

Thanks in advance.
#2

[eluser]Pascal Kriete[/eluser]
Right now the information in the database is only used for session validation. I think I read a post by Derek (one of them) that this may change in the next release. Until then one of [url="http://codeigniter.com/wiki/Category:Libraries::Session/"]these[/url] might work.
#3

[eluser]Aea[/eluser]
The current session class is really unappealing to me right now, the notion of storing a session as a pure cookie seems very much like trying to reinvent something which already works at a very high level and failing miserably. In fact, it's probably the only session that I really wouldn't use out of the box, ever. I'm using native session (see the link that Inparo provided) library right now and I'm loving it. It's basically a regular PHP session with the exception that that it seamlessly rotates cookie IDs, which is important in preventing session fixation. I am quite used to using $_SESSION instead of $this->session->function() as well. Native session also implements flashdata, but I'm not finding that extremely useful right now, it's a feature I could live without.
#4

[eluser]Unknown[/eluser]
Storing sessions in cookies isn't neccissarily a bad thing. If done correctly (securely) there are actually benefits.

You'll notice that Ruby on Rails recently changed to a cookie based session as it's default. They fleshed it out really well with regards to features and security, read about some of that here:

Rails 2.0 Cookie session store and security

Their reasons for doing so share many of the same reasons it's done like this for CodeIgniter. That being said, however, I really wish CI would implement options. So you could easily choose between cookie, db, etc sessions in the config file. Hopefully that will come in CI 1.7. :long:




Theme © iAndrew 2016 - Forum software by © MyBB