Session encrypt and about overwrite config expiration

1) I always encrypt my sessions with the encryption library. Whether you use files or database, the session data is on the server, and it makes me more comfortable knowing that the contents is encrypted.

Seems ok, I'll encrypt too. Thank you!

2) Normally you would just set the sess_expiration in config/config. Do you mean that you would like some sessions to have a different sess_expiration value? You might be able to set the sess_expiration using $this->session->sess_expiration = n;, but I have never tried that.

My mistake, wrong logic yesterday. I should use cookie+db to store remember me sessions. So don't real need this one. Thanks anyway.



Another question: I've tried with $config['sess_expiration'] = 7200;. It works fine on user browser, but in the application/sessions/ it don't delete the old session files. I should provide check to delete older file with something like:

PHP Code:

 $files = glob($config['sess_save_path']."*");
 $now   = time();

 foreach ($files as $file) {
   if (is_file($file)) {
     if ($now - filemtime($file) >= $config['sess_expiration']) {
       unlink($file);
     }
   }
 } 


?

Old sessions are cleaned up with garbage collection, which CI does automatically at random intervals.

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3