Tutorial for CI's session with session table and encryption |
[eluser]digity[/eluser]
Most of the video tutorials series touch on CI's user sessions class, but ignore the session table and encryption enabled features. Are there any tutorials (video or textual) that help you with using CI's user sessions class with the session table and encryption?
[eluser]CrossMotion[/eluser]
Never found one, but CodeIgniter has a great user guide, http://ellislab.com/codeigniter/user-gui...sions.html. Pretty much anything you can do with the session class can be found here. And if you have any specific questions, just post them here ;-).
[eluser]digity[/eluser]
Okay. I installed mcrypt for session/cookie encryption and enabled encryption in sessions section of config.php - how do get mcrypt to encrypt users' sessions? How do I verify its actually encrypting properly? Also, how do I validate a users' session against the session table?
[eluser]CrossMotion[/eluser]
I think, CodeIgniter uses mycript as default encryption method when available, but I'm not 100% sure. You can use firebug to check if the session var is encrypted. If you want to be completely sure your session can not be read, just save it in the DB and only send the session ID to the client. CI can check the IP and useragent. Is this what you mean with "validate".
[eluser]InsiteFX[/eluser]
It encrypts the config encryption key using md5 It checks to see if mcrypt is avaiable if not it uses xor and base64 See: system/libraries/encrypt.php Also the session table is wrong they have changed the user_agent size to 120 it is not 50 InsiteFX
[eluser]digity[/eluser]
Okay, so I don't have to do anything? Everything is doing it's thing automagically?
[eluser]InsiteFX[/eluser]
You need to load the Session Library most users do this in application/config/autoload.php Code: $autoload['libraries'] = array('database', 'session'); You can find this in the CodeIgniter User Guide - Session Class InsiteFX |
Welcome Guest, Not a member yet? Register Sign In |