flash_data safety

#11
[eluser]WanWizard[/eluser]
It has the option (out of the box) to use the database for sessions.

You just can't make it default because that requires a database connection and a sessions table, for which you have to do some configuration work. While you're at it, enabling database sessions is modifying 2 config lines extra. Big deal.

I personally don't see the advantage of native sessions. I get one database SELECT and one database UPDATE per page request, both taking 0.001 second. I can easily scale my web frontend without having to worry about native session sharing across webservers. I also use the session table to get statistics about logged in users (how many, how long, idle time, etc.) which is much easier to do with a database table than with native sessions.

#12
[eluser]cahva[/eluser]
Every vhost should have its own directory for sessions (usually their own tmp dir) so this sharing across webservers is not a problem (hasn't been for years).

I meant that by default, CI should use native sessions, not cookies. Native sessions are secure and they work very nicely. Using cookies for session data is just dumb. I don't know what mushrooms CI devs have eaten when they decided to disregard native session and go for the cookies instead.

#13
[eluser]Burak Guzel[/eluser]
Derek explains a bit in the comments here:

http://www.derekallard.com/blog/post/enh...n-library/

But yeah, I have to disagree with this implementation. Native sessions, which many programmers are used to, have a certain level of security. The default setup of the session library takes that away.
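
The two storage models debated in this thread, as an added example that is not part of any post and is not CodeIgniter's session library code: session data carried in the cookie versus a cookie holding only an ID with the data kept server-side. The key, function names and sample data are constructed for illustration.

```php
<?php
// Added illustration, not CodeIgniter code. All names and values are constructed.
const SERVER_KEY = 'constructed-demo-key'; // hypothetical signing key

// Model A: session data travels in the cookie; an HMAC makes it tamper-evident.
function cookie_session_encode(array $data): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, SERVER_KEY);
}

function cookie_session_decode(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; reject anything the server did not sign.
    if (!hash_equals(hash_hmac('sha256', $payload, SERVER_KEY), $mac)) {
        return null;
    }
    return json_decode(base64_decode($payload), true);
}

// Model B: the cookie holds only a random ID; the data stays on the server
// (an array here stands in for the sessions table or native session files).
function server_session_create(array &$store, array $data): string {
    $id = bin2hex(random_bytes(16));
    $store[$id] = $data;
    return $id;
}

$data = ['user_id' => 42, 'flash:notice' => 'Password reset link sent'];

$cookieA = cookie_session_encode($data);
// Anyone holding the cookie can read Model A's contents without the key.
$visible = json_decode(base64_decode(explode('.', $cookieA)[0]), true);
echo "Model A, readable client-side: ", $visible['flash:notice'], "\n";

// A payload edited without the key fails verification on the server.
$forged = base64_encode(json_encode(['user_id' => 1])) . '.' . explode('.', $cookieA)[1];
var_dump(cookie_session_decode($forged));

$store = [];
$cookieB = server_session_create($store, $data);
echo "Model B, cookie value: $cookieB\n"; // opaque ID, no session data in it
```

Signing alone protects integrity, not confidentiality: anything placed in a Model A cookie, flash data included, should be treated as visible to the client unless it is also encrypted.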

