Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Session uses Database
Session uses Database
  • El Forum
    Guest
  •  
#1
03-03-2010, 10:29 AM

[eluser]Iwasignited[/eluser]
Hello everyone,
I have just found this in my config.php
Code:
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_sessions';

Im wondering what 'session uses database' for?

Looking forward to hearing from you soon,
Thanks Smile
  • El Forum
    Guest
  •  
#2
03-03-2010, 10:40 AM

[eluser]Iwasignited[/eluser]
I believe this is a security feature but dont know how it works. Someone explain please.
Regards.
  • El Forum
    Guest
  •  
#3
03-03-2010, 11:12 AM

[eluser]nelson.wells[/eluser]
Sessions are normally stored in cookies with CodeIgniter's session library. If the cookie is unencrypted, a user could theoretically change the values and those values would reflect in the session data on the site. If you turn "sess_use_database" to true, then CodeIgniter's session class will check the values in the cookie against the values in the database.

If they match, then the user hasn't altered their session cookies, and your site is safe and secure in that sense. If they don't match, then the user has attempted to alter their session data, but since it is checked against the database, they aren't allowed. However, I haven't ever ran into this actually happening, so I'm not sure how CI handle's mismatches between the cookie and the database.

Hope that helps.
  • El Forum
    Guest
  •  
#4
03-03-2010, 08:34 PM

[eluser]Iwasignited[/eluser]
I turn my session encrypt on so I dont need it right?
  • El Forum
    Guest
  •  
#5
03-04-2010, 01:31 AM

[eluser]Aljebrini[/eluser]
you can use this feature well by creating session table in your application DB, after that you have to change yous config file and set

Code:
$config['sess_use_database']    = TRUE ;

After that the system will save all sessions information into your database, you can read more about session in the user guide here
http://ellislab.com/codeigniter/user-gui...sions.html
  • El Forum
    Guest
  •  
#6
03-04-2010, 01:48 AM

[eluser]stommert[/eluser]
Hi,

Database session may come in handy when you are scaling your webapp over multiple webservers.
You don't have to worry about transferring session data from one webserver to an other.
  • El Forum
    Guest
  •  
#7
03-04-2010, 08:44 AM

[eluser]joao.sobrinho[/eluser]
Using the data base, you also don't have the problem about space... cookies only take about 4KB of space. encrypting the data, also makes it bigger than the unencrypted data..

You must look at the needs of your application and thing in the solution that best suits you.




Theme © iAndrew 2016 - Forum software by © MyBB