Storing Array Data in CI Session

[eluser]Kyle Johnson[/eluser]
Good Morning,

I am hoping someone can help me with this small question.

I use the database version of the CI Sessions to store permissions. It is stored as an array.

Code:

$this->session->set_userdata('permissions', $permissions);

Is there a way to get specific array data from within the session?

Code:

$permissions = $this->session->userdata('permissions["shp"]'); // Example, this does not actually work!!

Currently I have to do the following:

Code:

$permissions = $this->session->userdata('permissions');
echo $permissions['shp']['add'];

This isn't a huge deal, but I would prefer not to have to load the entire permissions dataset into each page that needs permissions.

Any thoughts?

[eluser]Dam1an[/eluser]
As far as I'm aware, you can't do that, but if you're running PHP5, you should be able to chain the methods, so you can do

Code:

$this->session->userdata('permissions')['shp'];

It doesn't overcome the problem of loading the entire array, but puts it all into one line

Or, you could extend the session class?

[eluser]Kyle Johnson[/eluser]
I meant to post that I tried that too..

"Parse error: syntax error, unexpected '[' in C:\www\application\controllers\shipping.php on line 20"

I think it might be more beneficial for me to separate the different modules into their own session variables anyways.

Instead of:

Code:

// after login
$permissions = array(); // large array from role based tables in DB.
$this->session->set_userdata('permissions', $permissions);

// in secured controller
$permissions = $this->session->userdata('permissions');
echo $permissions['shp']['add'];

I can do:

Code:

// after login
$permissions = array(); // large array from role based tables in DB.
$this->session->set_userdata('perm_bil', $permissions['bil']);
$this->session->set_userdata('perm_shp', $permissions['shp']));

// in secured controller
$perm_shp = $this->session->userdata('perm_shp');
echo $perm_shp['add'];

Do you see any issues in doing it this way?

[eluser]warrennz[/eluser]
Im not 100% on this but one of the DB Session handlers I used to use allowed you to do

Code:

$ar = array('user_id'=>900,
            'username'=>'John Doe');

$this->session->set_userdata('user_details',$ar);


$this->session->userdata('user_details','user_id'); //Return 900;

Is that the sorta thing you're after?

[eluser]Natebot[/eluser]
[quote author="warrennz" date="1240632069"]Im not 100% on this but one of the DB Session handlers I used to use allowed you to do

Code:

$this->session->userdata('user_details','user_id'); //Return 900;

Is that the sorta thing you're after?[/quote]

Unfortunately the method doesn't take a second argument (though you could extend it to do it).
So the call just returns the user_details array.

The session data's custom user data is stored in a serialized array. So your data is store, along with any other custom data, like so:

Code:

a:2:{s:12:"custom_data";s:13:"custom_data_value";s:12:"user_details";a:2:{s:7:"user_id";s:3:"900";s:8:"username";s:8:"John Doe";}}

The session class will get and unserialize the data all in one go.

[eluser]Natebot[/eluser]

I can do:

Code:

// after login
$permissions = array(); // large array from role based tables in DB.
$this->session->set_userdata('perm_bil', $permissions['bil']);
$this->session->set_userdata('perm_shp', $permissions['shp']));

// in secured controller
$perm_shp = $this->session->userdata('perm_shp');
echo $perm_shp['add'];

Do you see any issues in doing it this way?

the only issue that comes to mind is that $perm_shp is at risk of being overwritten accidentally. It's not like the session objects userdata parameter is protected but you could do that if you extend the class with PHP5. Likewise you could extend the Controller class to hold the data in a protected parameter.

[eluser]Stelian Mocanita[/eluser]
An other issue might be that once the session is rewritten the storage array does not update so a slightly better approach on my behalf would be passing it be reference so you know you will always have the updated session data there.

[eluser]Kyle Johnson[/eluser]
Well.. The $perm_shp doesn't need to update the session data as it is just used for permissions. If a certain page needs to reinitialize permissions (for instance, viewing sensitive reports) then I would call a function to get the permissions from the db again, and they would be redirected (or an error message) if they didn't have sufficient privileges.

But if I were to pass it by reference, then I would do...

Code:

$perm_shp =& $this->session->userdata('perm_shp');

I could then even store it in a var to give access to all functions within the controller.

[eluser]Thorpe Obazee[/eluser]
[quote author="Kyle Johnson" date="1240608644"]
Currently I have to do the following:

Code:

$permissions = $this->session->userdata('permissions');
echo $permissions['shp']['add'];

[/quote]

Well, I actually used this in some development But didn't actually checked for a better way to get the data and it seems the be the best way to get it.

[eluser]Kyle Johnson[/eluser]
Sounds good enough to me.

I'll go ahead and use it, or a slight modification of it, for now.

I think I may separate the permissions so that it isn't possible for a hijack to take over all permissions, they would need to build the serialized array, not have it handed to them.