[eluser]a.somervell[/eluser]
Well, after a lot of bloody time thinking about it, I came up with the following for CI 1.7.1+
Dont hack Session.php, create a MY_Session.php so you're not touching the core.
Copy the sess_read() and _set_cookie() functions into it.
The first few lines look like this: (we're basically allowing the encrypted, serialized cookie data to be posted by the JS)
Code:
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class MY_Session extends CI_Session
{
var $cookie_data = FALSE;
/**
* Fetch the current session data if it exists
*
* @access public
* @return bool
*/
function sess_read()
{
// Fetch the cookie or post data
$session = ($this->CI->input->post('cookie_data')) ? $this->CI->input->post('cookie_data') : $this->CI->input->cookie($this->sess_cookie_name);
Then, just before the setcookie() function in _set_cookie add:
Code:
$this->cookie_data = $cookie_data;
In your view set:
Code:
post_params: {"cookie_data": "<?=$this->session->cookie_data?>"},
Working for me, can't see any security issues with it but if anyone can see one let me know, peer review away