CI sessions - where is user data saved?
#1

[eluser]moot[/eluser]
Hi,

I am using the CI default session library with "save in DB" switched on.


I wonder where CI stores user data saved via ...->session->set_userdata()? In the DB only, or in the DB as well as in the cookie?


Although it wouldn't matter from a security perspective to save even data such as "is_logged_in" in the cookie, because the cookie data gets matched against the data in the DB, it doesn't feel good.

Thanks.

#2

[eluser]ortwin.van.vessem[/eluser]
Hi Moot,

When you enable saving the session data in the database, the userdata() will be saved in the database. The cookie only holds the session ID.
#3

[eluser]moot[/eluser]
Thanks for your answer, @ortwin.

No, the cookie also holds, for instance, the user agent.

If it wasn't like that, I wouldn't be so suspicious about where CI actually saves user data ...
#4

[eluser]ortwin.van.vessem[/eluser]
Hi Moot,

I read your question too fast; I thought you asked the community where CI stores the userdata when the parameter sess_use_database is enabled in config.php.

To be more precise. The following data is stored in a CI Cookie when the parameter sess_use_database = TRUE:

Code:
[array]
(
     'session_id'    => random hash,
     'ip_address'    => 'string - user IP address',
     'user_agent'    => 'string - user agent data',
     'last_activity' => timestamp
)

If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie, making the data highly secure and impervious to being read or altered by someone. The Session class will take care of initializing and encrypting the data automatically.
#5

[eluser]moot[/eluser]
[quote author="ortwin.van.vessem" date="1378843719"]Hi Moot,

I read your question too fast; I thought you asked the community where CI stores the userdata when the parameter sess_use_database is enabled in config.php.

To be more precise. The following data is stored in a CI Cookie when the parameter sess_use_database = TRUE:

Code:
[array]
(
     'session_id'    => random hash,
     'ip_address'    => 'string - user IP address',
     'user_agent'    => 'string - user agent data',
     'last_activity' => timestamp
)

If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie, making the data highly secure and impervious to being read or altered by someone. The Session class will take care of initializing and encrypting the data automatically.[/quote]

Thanks for your answer!

OK, but that is all the data that will be stored in the cookie - no user data? Am I getting you right?
#6

[eluser]ortwin.van.vessem[/eluser]
This is all the data that will be stored in the local cookie when you enable the option to save the session userdata in the database which is not enabled by default.

The local cookie will then be used to determine if the session_id is valid against the data in the database.

Keep in mind that you will need to delete your cookie if you are working in a development environment where you first stored the userdata in the cookie.

To delete the cookie execute the following function
Code:
$this->load->helper('cookie');
delete_cookie('cookie_name');
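
A way to check the answer given in this thread on your own installation, as an added example that is not part of any post above and is not CodeIgniter's own code. It assumes CodeIgniter 2.x with sess_use_database = TRUE and a sessions table created as the user guide describes; the controller name Session_check is hypothetical.

```php
<?php
// Added example for a development box only. Session_check is a hypothetical name.
// It stores one custom item, then reports where that item ended up:
// in the sessions table row, in the cookie queued for the response, or both.
class Session_check extends CI_Controller
{
    public function index()
    {
        $this->load->library('session');
        $this->load->database();

        // The custom item from the question.
        $this->session->set_userdata('is_logged_in', TRUE);

        // Server side: the row that belongs to the current session id.
        $row = $this->db
            ->where('session_id', $this->session->userdata('session_id'))
            ->get($this->config->item('sess_table_name'))
            ->row_array();

        // Client side: the last Set-Cookie header queued for the session cookie.
        $name   = $this->config->item('cookie_prefix') . $this->config->item('sess_cookie_name');
        $prefix = 'Set-Cookie: ' . $name . '=';
        $cookie = '';
        foreach (headers_list() as $header) {
            if (stripos($header, $prefix) === 0) {
                // Keep only the value, without the path/expires attributes.
                $cookie = urldecode(strtok(substr($header, strlen($prefix)), ';'));
            }
        }

        $report = array(
            'db_row_found'          => ! empty($row),
            'db_user_data_has_item' => ! empty($row) && strpos($row['user_data'], 'is_logged_in') !== FALSE,
            'cookie_bytes'          => strlen($cookie),
            // Only meaningful while sess_encrypt_cookie is FALSE; an encrypted
            // cookie is opaque, so a FALSE here proves nothing in that case.
            'cookie_has_item'       => strpos($cookie, 'is_logged_in') !== FALSE,
            'cookie_encrypted'      => (bool) $this->config->item('sess_encrypt_cookie'),
        );

        $this->output
            ->set_content_type('text/plain')
            ->set_output(print_r($report, TRUE));
    }
}
```

Run it once with sess_encrypt_cookie set to FALSE to read the cookie check directly, then switch encryption back on and remove the controller.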
