[eluser]Rick Jolly[/eluser]
IMO, an ideal session library would use php native sessions with database storage and cookie-less sessions when the client won't accept cookies.
I like php native sessions because:
- only the session id is stored as a cookie on the client's computer.
- headers are added that allows IE to accept the cookie when security is set on high.
- a common api that can be used for any php application (not just CI) so it is cross-platform.
I like database storage because:
- it will work on distributed servers so it is scalable.
- you can easily query your database to find info about current logged in users. For example, how many users are currently logged in.
I like the option of cookie-less sessions (session id passed in the url) because:
- I've had clients behind a corporate firewall that won't accept cookies.
Unfortunately there are no CI libraries that have all these capabilities. Not one supports cookie-less sessions.
Native Session is a nice simple library. It adds flash data and session regeneration, but you have to use the CI methods instead of accessing the $_SESSION array which I find a bit more awkward.
OBSession is the most complete. When configured appropriately it will store the session id as a cookie and the rest of the data in the database. One drawback is that it sets the session id as a regular cookie as opposed to a native session cookie. That means that it will not work in IE if security is set to high.