(12-07-2015, 01:13 AM)Diederik Wrote: The session data is always stored serverside. A cookie is data stored in the client side. When you use a session in PHP a small cookie is created (a session id token). That way the session id is stored clientside and PHP makes the connection between the user (based on the session id) and all the data inside the session (stored on server).
The SQL that is used to create the table that stores the sessions:
Code:
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(45) DEFAULT '0' NOT NULL,
user_agent varchar(120) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id),
KEY `last_activity_idx` (`last_activity`)
);
The data itself is stored as a TEXT field which can hold 64 Kilobytes. The 4K you refer to is the max size of a cookie (all cookies for a domain are counted together).
This SQL code refers to the CI2 sessions ... which are in fact always stored in a cookie. Even when you use a database, it's just a duplicate of the cookie-stored data.
CI3 matches your description, but uses a different database structure (that is, if you pick the database session driver).