[eluser]Nick Jennings[/eluser]
Hello, thanks for your reply.
Just wondering why the documentation would say the following, if the custom userdata was only kept in the database (and not also in the cookie).
Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.
Thanks,
Nick
[quote author="simshaun" date="1230677864"]After investigating this, here is what I found.
When you have CI storing sessions in the database:
A cookie is placed on the client's computer containing:
- session_id (PHP only stores this)
- ip_address
- user_agent
- last_activity
When loading a page that uses sessions:
CI Sessions:
CI grabs the session_id from the cookie and looks for a corresponding row in the database.
CI performs the security checks based on ip, user_agent, and last_activity.
If security check passes, session data is retrieved when you call it.
PHP Sessions: (assuming you also store them in the database)
PHP grabs the session_id from the cookie and looks for a corresponding row in the database.
If found, session data is retrieved when you call it.
Conclusion:
CI does NOT store your session data in the cookie, so long as you have set CI to store sessions in the database.[/quote]