flash_data safety

It has the option (out of the box) to use the database for sessions.

You just can't make it default because that requires a database connection and a sessions table, for which you have to do some configuration work. While you're at it, enabling database sessions is modifying 2 config lines extra. Big deal.

I personally don't see the advantage of native sessions. I get one database SELECT and one database UPDATE per page request, both taking 0.001 second. I can easily scale my web frontend without having to worry about native session sharing across webservers. I also use the session table to get statistics about logged in users (how many, how long, idle time, etc.) which is much easier to do with a database table than with native sessions.

Every vhost should have its own directory for sessions (usually their own tmp dir) so this sharing across webservers is not a problem (hasn't been for years).

I meant that by default, CI should use native sessions, not cookies. Native sessions are secure and they work very nicely. Using cookies for session data is just dumb. I don't know what mushrooms CI devs have eaten when they decided to disregard native sessions and go for the cookies instead.

Burak Guzel:
Derek explains a bit in the comments here:


But yeah, I have to disagree with this implementation. Native sessions, which many programmers are used to, have a certain level of security. The default setup of the session library takes that away.
