CI 1.6 sessions

[eluser]EugeneS[/eluser]
Derek, explain me please why you dont like native php sessions so much ?

native sessions was so expected in this release
why not to include native sessions support as option ?

in the documentation i see this note "The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers."

could you explain me this flexibility ?

1) database use
why should i use database and do extra queries just to receive session data when every one every where trying to minimize database load ?

2) cookies is not a way at all .. in big projects it is too small to keep required data + encryption make data even longer ...

*native sessions would minimize database load
*native sessions do not require any encryption so will speed up scripts
*they are rather secured - security is not a reason at all :\
*session size is also not a problem in this case ...

frankly speaking i dont see any flexibility in DB/cookie way ....

and during might be 2 years native sessions still not supported nativly in CI ... why ?

i glad i can use now active records because they become more flexible and convinient .. but up to me more important is native support of php sessions.

Thanks.

[eluser]Edemilson Lima[/eluser]
I read a post saying that native PHP session is not reliable, because it was not equal implemented in all hosting providers. So, CI developers opted for a custom session management.

What I wonder is if the user has cookies disabled. With native PHP session, PHP will automatically add the session ID in every URL. Well, this is not a perfect thing, but what a cookie session can do in this case?

About performance, is any cookie/database implementation made with PHP code faster than the native PHP session made in compiled C++?

[eluser]EugeneS[/eluser]
[quote author="Edemilson Lima" date="1202843140"]I read a post saying that native PHP session is not reliable, because it was not equal implemented in all hosting providers. So, CI developers opted for a custom session management.
[/quote]

frankly speaking not sure what do you mean here ...

i'm over 7 years in web development and during these years i havent seen any problems on Win/*nix servers (for 5 years i was mostly freelancer so you can imagine how many hosting companies i had chance to work with) with the native PHP sessions ... as i know PHP works in the same way on all major platforms (BUT even if it would be so PHP sessions can be added JUST AS THIRD OPTION - and only with all 3 ways we can say about FLEXIBILITY in docs .... because up to me the only thing which made me crazy in CI is absence of standard way of sessions )

also if cookies are disabled neither SQL nor Cookies sessions wont work (never tried sql sessions in CI (as well as cookies) so i'm not sure).

SID in url can be solved by hidden fields in the post form .. so this is not a problem at all ...

dont know what the flexibility was mentioned in CI docs but absence of native php sessions is really inconvenient when all the time i have to remember that from version to version i have to modify/change session class in all other i love CI .... i just want to have php sessions to be implemented natively in CI just as 3d option - no one force you to use native php sessions but in my opinion this have do be implemented natively in CI because this is FRAMEWORK and programmer should have possibility to use most convenient way ....

this is my opinion ... i think in CI community no one be against native php sessions support...

[eluser]Edemilson Lima[/eluser]

frankly speaking not sure what do you mean here ...

Well, that is not my own opinion. I'm also trying to understand why.

but absence of native php sessions is really inconvenient when all the time i have to remember that from version to version i have to modify/change session class in all other i love CI

I am using Native Session, but I placed it at my "/application/libraries" folder, instead of replace the "/system/libraries/Session.php". CodeIgniter will look for the libraries there first. If it find a library with the same name of a core library, it will use that instead.

I work with PHP since 2000 and never had any problem with sessions too.

The only thing I don't like in PHP session is what Firefox tabs do with it. Instead of each tab have its own cookie, they share the same cookie. So if you open the same web site twice, they use the same session ID and this leads to confusion. The same occurs with IE, if you don't open another window using its shortcut. To solve this problem I have used a little trick before session_start():

Code:

if(version_compare(phpversion(),'4.3.0')>=0) {
    if(!ereg('^SESS[0-9]+$',$_REQUEST['session_name']) and $_REQUEST['session_name']!='PHPSESSID') {
        $_REQUEST['session_name']='SESS'.getmypid();
    }
    if($_REQUEST['session_name']!='PHPSESSID') {
        output_add_rewrite_var('session_name',$_REQUEST['session_name']);
        session_name($_REQUEST['session_name']);
    }
}
session_start();

This enable me to open tabs with the same website and completely separated sessions. The only drawback is I need to write the session name where the output_add_rewrite_var() doesn't auto append it, like in Javascript calls, etc.

[eluser]EugeneS[/eluser]
[quote author="Edemilson Lima" date="1202851057"]

frankly speaking not sure what do you mean here ...

I am using Native Session, but I placed it at my "/application/libraries" folder, instead of replace the "/system/libraries/Session.php". CodeIgniter will look for the libraries there first. If it find a library with the same name of a core library, it will use that instead.
[/quote]

yes i know about this class as well as order of handling ... but when i was tried to use native sessions class it wasnt work as it was expected ... dont remember the issue it was long time ago (probably even very first version of this class), but ive decided that it would be faster to modify CI sessions class to support native sessions than use that class and understand what wrong there

thats why just support as 3d option would be great, no reason to not do this, no one force to use native php sessions way ... its up to programmer to choose way ... up to me only php sessions give me flexible fast way but not sql or cookies sessions ... :\ thats why ive asked about official position about php sessions ... why during 2 years support of php sessions wasnt added even in this last release when i'm sure that most of developers do not use sql or cookies sessions way but have to use plugin or own modifications ...

[eluser]Edemilson Lima[/eluser]
I agree with you. Native PHP sessions as an option would be great.

But there is one thing I want to know: if a web site have thousands of simultaneous requests, can it start a session for every request without blow up the server? Are sessions based on cookies or database any way better to handle this?

[eluser]EugeneS[/eluser]
[quote author="Edemilson Lima" date="1202852962"]
But there is one thing I want to know: if a web site have thousands of simultaneous requests, can it start a session for every request without blow up the server? Ares sessions based on cookies or database any way better to handle this?[/quote]

lets think.

database is always a thin section in the chain thats why every one trying to optimize his sql queries and thats why so many books were written about good database structures, methodics etc ... database is always slower that web server specially when you have to look through millions of records ... thats why database is not a way at all .... even without encryption. MORE OVER any way we store data in database serialized.

so what is faster serialize unserialize by functions and then write and recreate indexes or search and update or search and unserialize
OR searialize or unserialize by compiled php and open/write file which name is identical to session ID ?

database is not a speed way and only increase execution time and server load.

now about cookies ....
i think no one so stupid to use some private etc data in non encrypted cookie.
so cookie session must be encrypted ... what we have at the moment:

what is faster: encrypt AND decrypt cookie session by script means or serialize AND unserialize array by compiled PHP ... i think php will be faster + we "dont have" limitation, right + we dont have to send a lot of data with our request here and there all the time but just session id ....

so cookie not a way i think as well ...

do not see any flexibility to choose between VERY BAD and VERY BAD way both of them are VERY BAD especially if site is located on shared hosting (i think 90% are on shared hosting)...

so if you have DB cluster or server cluster or at least dedicated server .. go ahead and use DB sessions (even in this case i would never use DB sessions)

[eluser]EugeneS[/eluser]
still no answer from CI stuff ...

Derek or Rick could you answer ? why you do not want to add native php sessions as an option

[eluser]Edemilson Lima[/eluser]
I am using Native Session and it is working fine. Until now I did not have any problems.

Please note that the function name in the downloadable file is "CI_Session", while the first example in the Wiki is "Native_session". It was redesigned to work with CI 1.5 or later, where it replaces CI Session library completely. Just name it as "Session.php" and put it in your "application/libraries" directory. It works using the same original userdata() and set_userdata() functions, so no modifications are needed in pre-existing applications.

[eluser]Derek Allard[/eluser]
Eugene. This has been discussed considerably. Could I humbly ask that you seek out responses from me and Rick on the forums already, and if anything isn't clear, feel free to write back.