Welcome Guest, Not a member yet? Register   Sign In
Session handling
#11

[eluser]simshaun[/eluser]
After investigating this, here is what I found.

When you have CI storing sessions in the database:
A cookie is placed on the client's computer containing:
- session_id (PHP only stores this)
- ip_address
- user_agent
- last_activity

When loading a page that uses sessions:

CI Sessions:
CI grabs the session_id from the cookie and looks for a corresponding row in the database.
CI performs the security checks based on ip, user_agent, and last_activity.
If security check passes, session data is retrieved when you call it.

PHP Sessions: (assuming you also store them in the database)
PHP grabs the session_id from the cookie and looks for a corresponding row in the database.
If found, session data is retrieved when you call it.

Conclusion:
CI does NOT store your session data in the cookie, so long as you have set CI to store sessions in the database.
#12

[eluser]Nick Jennings[/eluser]
Hello, thanks for your reply.

Just wondering why the documentation would say the following, if the custom userdata was only kept in the database (and not also in the cookie).

Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.

Thanks,
Nick

[quote author="simshaun" date="1230677864"]After investigating this, here is what I found.

When you have CI storing sessions in the database:
A cookie is placed on the client's computer containing:
- session_id (PHP only stores this)
- ip_address
- user_agent
- last_activity

When loading a page that uses sessions:

CI Sessions:
CI grabs the session_id from the cookie and looks for a corresponding row in the database.
CI performs the security checks based on ip, user_agent, and last_activity.
If security check passes, session data is retrieved when you call it.

PHP Sessions: (assuming you also store them in the database)
PHP grabs the session_id from the cookie and looks for a corresponding row in the database.
If found, session data is retrieved when you call it.

Conclusion:
CI does NOT store your session data in the cookie, so long as you have set CI to store sessions in the database.[/quote]
#13

[eluser]simshaun[/eluser]
In previous versions of CI (< 1.7), CI actually stored session data in cookies by default (I have no idea why..).

The documentation remains like that for those who have not upgraded yet.

You need not worry about it if you are storing sessions in a database.

I do agree that they should alter the session documentation where it says
Quote:A useful aspect of the session array is that you can add your own data to it and it will be stored in the user's cookie. Why would you want to do this? Here's one example:

To
Quote:A useful aspect of the session array is that you can add your own data to it and it will be stored in the user's cookie or database, depending on your config. Why would you want to do this? Here's one example:
#14

[eluser]Nick Jennings[/eluser]
Excellent, thank you very much!

[quote author="simshaun" date="1230678853"]In previous versions of CI (< 1.7), CI actually stored session data in cookies by default (I have no idea why..).

They documentation remains like that for those who have not upgraded yet.

You need not worry about it if you are storing sessions in a database.[/quote]




Theme © iAndrew 2016 - Forum software by © MyBB