Welcome Guest, Not a member yet? Register   Sign In
CI Sessions - time_to_update
#1

[eluser]simonmaddox[/eluser]
I figure there must be a reason for this, so instead of setting it to a insanely high number (or 0, I imagine) I figured I’d find out…

What’s the reasoning behind time_to_update? Every x seconds, it’ll simply update the existing session with a new session_id.

The only reason I can think of is to do with session hijacking, but a constantly changing session_id makes using it in other tables (as a foreign key) a pain.
#2

[eluser]Pascal Kriete[/eluser]
You shouldn't be using the session id in other tables, they're not tied to a user (not in that way in any case). You wouldn't use SID for regular PHP sessions either. Instead you should set your own unique identifier.

Most of the time the user table has an auto-incrementing id, so just store that in the session:
Code:
$id = $this->db // whatever
$this->session->set_userdata('user_id', $id);
#3

[eluser]simonmaddox[/eluser]
Right, that makes sense. I was toying between both of them.

I'm still unsure on why the session_id would change though - is it to prevent session hijacking, or something else? Just want to take it into account, that's all Smile
#4

[eluser]slowgary[/eluser]
Sorry to resurrect an old thread, but I'm wondering the same thing...

If my application needs to tie other tables to a user's session, using the session class (databased sessions) would make it difficult, since I could no longer join the tables.

Does anyone know of a better way to manage the process of retrieving a user's session data and join other tables using CI's database sessions?

I suppose one could just allow the session class to do it's query, then grab any data needed for other queries using $this->session->userdata('other_table_id'), but that doesn't seem optimal.

Thanks in advance for your help.




Theme © iAndrew 2016 - Forum software by © MyBB