(02-02-2016, 07:21 PM)behnampmdg3 Wrote: Hi;
I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?
The records still stay in ci_sessions table.
Thanks
A well-designed authentication system would call session_destroy() on logout, in which case the session in use would be deleted.
Unfortunately, most devs don't do that and have a session running for all users, regardless of whether they're logged-in or not. In this case, a decent thing to do would be to call session_regenerate_id(true) on login/logout and that would at least replace the session ID when users' privileges are changed. Unfortunately, most devs don't do that either and you're left with what Lonnie said:
(02-02-2016, 08:40 PM)kilishan Wrote: (02-02-2016, 07:21 PM)behnampmdg3 Wrote: I use db for logins,,, I was wondering what happens to ci_seesion table when user logs out?
IIRC, the Session library will periodically go through and clean up old sessions. This doesn't happen every time, but there is a small percent for it to happen on every page view. Or something similar.
That chance is exactly ini_get('session.gc_probability') / ini_get('session.gc_divisor').
