Welcome Guest, Not a member yet? Register   Sign In
flash_data safety
#11

[eluser]WanWizard[/eluser]
It has the option (out of the box) to use the database for sessions.

You just can't make it default because that requires a database connection and a sessions table, for which you have to do some configuration work. While your at it, enabling database sessions is modifying 2 config lines extra. Big deal.

I personally don't see the advantage of native sessions. I get one database SELECT and one database UPDATE per page request, both taking 0.001 second. I can easily scale my web frontend without having to worry about native session sharing across webservers. I also use the session table to get statistics about logged in users (how many, how long, idle time, etc.) which is much easier to do with a database table than with native sessions.
#12

[eluser]cahva[/eluser]
Every vhost should have its own directory for sessions (usually their own tmp dir) so this sharing across webservers is not a problem(hasnt been for years).

I meant that by default, CI should use native sessions, not cookies. Native sessions are secure and they work very nicely. Using cookies for session data is just dum. I dont know what mushrooms CI devs have eaten when they decided to disregard native session and go for the cookies instead..
#13

[eluser]Burak Guzel[/eluser]
Derek explains a bit in the comments here:

http://www.derekallard.com/blog/post/enh...n-library/

But yeah, I have to disagree with this implementation. Native sessions, which many programmers are used to, have a certain level of security. The default setup of the session library takes that away.




Theme © iAndrew 2016 - Forum software by © MyBB