Best php 5 session alternative to Native Session

[eluser]obobo[/eluser]
I've been using the Native Session library on previous projects running php 4, but i'm upgrading to php 5 now and need to have sessions expire when the browser is closed. I'd also like to start storing sessions in my db, but that is currently less of a priority than the browser close issue.

What is the best current alternative to Native Session library for php 5?

I found KNDB, but there was some discussion as to whether its method of storing variables in cookies was secure. I'm a complete novice on that front, so have no way of determining for myself.

any suggestions?

[eluser]Jamie Rumbelow[/eluser]
The only way of ending a session on browser close is an AJAX request.

I use the native session library mostly, but I also like http://codeigniter.com/wiki/DB2_Session/

Jamie

[eluser]paulopmx[/eluser]
Hi,

I was in the same pickle as you, so I took NG Session and modified it to allow the session to be removed on browser closed.

Download it here

just place the extracted file in /system/application/libraries

add this to your db

Code:

CREATE TABLE `ci_sessions` (
  `session_id` varchar(40) NOT NULL default '0',
  `ip_address` varchar(16) NOT NULL default '0',
  `user_agent` varchar(50) NOT NULL,
  `last_activity` int(10) unsigned NOT NULL default '0',
  `session_data` text,
  PRIMARY KEY  (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

in your config.php

Code:

$config['sess_cookie_name']            = 'ci_session';
$config['sess_expiration']            = 0;
$config['sess_encrypt_cookie']        = FALSE;
$config['sess_table_name']            = 'ci_sessions';
$config['sess_match_ip']            = TRUE;
$config['sess_match_useragent']        = TRUE;
$config['sess_use_database']        = TRUE;
$config['sess_time_to_update']        = 300;

setting $config['sess_expiration'] to 0 will tell the browser to delete the session on browser close, using -1 will tell the browser to delete the session after 2 years, or you can set your own in minutes.

This is just a modification of NG Session so you can use its wiki

http://codeigniter.com/wiki/NG_Session/

Hope this helps.

Paulo

[eluser]obobo[/eluser]
thanks paulo ... i'll give it a try.

[eluser]easymind[/eluser]
Thanx paulo, it worked for me.

I already stripped out some sensitive data from session since it was stored client side. This works much better of course.

I did look into the 5 session libs at the wiki but couldn't decide fast enough and went on. But your solution gives me browser close session destroy and server side session data, just like you said and what was asked.

This is a must have for websites that can run in public places (and have login accounts)...

[eluser]easymind[/eluser]
I hope NG_Session's maker writes better code than comments, because they seem to suggest this in their top comments:

Code:

* Use database, set:
* $config['sess_use_database']       = FALSE;
* Use cookies, set (or leave empty because cookie is the default):
* $config['sess_use_database']       = TRUE;

[eluser]paulopmx[/eluser]
[quote author="easymind" date="1211008219"]Thanx paulo, it worked for me.

I already stripped out some sensitive data from session since it was stored client side. This works much better of course.

I did look into the 5 session libs at the wiki but couldn't decide fast enough and went on. But your solution gives me browser close session destroy and server side session data, just like you said and what was asked.

This is a must have for websites that can run in public places (and have login accounts)...[/quote]

Glad I could help.

[eluser]bikuta[/eluser]
So is the Native Session library not compatible with PHP 5?

[eluser]quasiperfect[/eluser]
can someone repost the file link is dead