Session is only saved into cookie? |
[eluser]No0oB[/eluser]
Hey guys. First of all I have to say that I am not that experienced with frameworks, however I just LOVE this one. You did a tremendous job on creating CodeIgniter. I have made some stuff with it already and keep developping tons of modules and so on. I have not had a single issue yet, due to the very structured and detailed user guide. However, I have one question remaining. When using Sessions, are they only saved in cookies? I have had a report, that the session is not working, once you do not accept cookies by default. Is there a setting I have not seen yet or is it normal? I mean, I do get the reason, why you would do it, since you sort of "abolished" the $_SESSION-Array. However, I don't get why I would be using the feature to save the session into the database, when the data is saved into the cookie. Any advice? Thanks in advance.
[eluser]Pascal Kriete[/eluser]
Right now the information in the database is only used for session validation. I think I read a post by Derek (one of them) that this may change in the next release. Until then one of [url="http://codeigniter.com/wiki/Category:Libraries::Session/"]these[/url] might work.
[eluser]Aea[/eluser]
The current session class is really unappealing to me right now, the notion of storing a session as a pure cookie seems very much like trying to reinvent something which already works at a very high level and failing miserably. In fact, it's probably the only session that I really wouldn't use out of the box, ever. I'm using native session (see the link that Inparo provided) library right now and I'm loving it. It's basically a regular PHP session with the exception that that it seamlessly rotates cookie IDs, which is important in preventing session fixation. I am quite used to using $_SESSION instead of $this->session->function() as well. Native session also implements flashdata, but I'm not finding that extremely useful right now, it's a feature I could live without.
[eluser]Unknown[/eluser]
Storing sessions in cookies isn't neccissarily a bad thing. If done correctly (securely) there are actually benefits. You'll notice that Ruby on Rails recently changed to a cookie based session as it's default. They fleshed it out really well with regards to features and security, read about some of that here: Rails 2.0 Cookie session store and security Their reasons for doing so share many of the same reasons it's done like this for CodeIgniter. That being said, however, I really wish CI would implement options. So you could easily choose between cookie, db, etc sessions in the config file. Hopefully that will come in CI 1.7. :long: |
Welcome Guest, Not a member yet? Register Sign In |