Session and Cookies
#1

[eluser]Ajaxian64[/eluser]
Hi,
I have a general question/remark.
---
I need a session for authentication. And I would like to filter access (to some controller actions) thanks to the session.
I also need flash data for quick messages.
---
I do not understand why we need to use Session for flash message.
Due to this I have to set up a Session for message purposes, and then when I test whether a session exists it tells me yes, and for sure it exists, but for message purposes, not really for Auth purposes...
---
Am I wrong when I say that it would have been better to use 2 different mechanisms?
My feeling would be to use cookies for messages and Session for Auth (and only for this).
#2

[eluser]WanWizard[/eluser]
I think you're missing the point.

Sessions are used to create state in a stateless environment. It provides server-side storage where one request can store data, and a later request can retrieve it again.
What this data is, and whether it's flash data or permanent data is imho totally irrelevant.

When it comes to authentication, all you need to know is "which user is owning this session?", so you can restore the user or logged-in context at the next reload.

We have quite an extensive security system, yet we only store 3 fields in the session record: the user_id, the authentication_method used, and a hash value that is used for security reasons.

Yet from a session point of view, these are three variables like any other session variable. Why would you make things complicated and keep that separate from all other session variables?

Storing 'messages' in a cookie is a daft idea. Messages have only relevance server-side, why would you send them to the client?
#3

[eluser]Ajaxian64[/eluser]
The CI session is a cookie.
then ....
#4

[eluser]WanWizard[/eluser]
CI uses a database table for session storage. The session cookie (you always need something to link the user to his/her session) only contains some key values to be able to retrieve the correct session record. It is not used to store any session data.

You can, as a fallback for environments without a database, use cookies for simple session storage. Which you should avoid if possible.

This is all explained in the manual.
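
An added example, not part of the original thread and not CodeIgniter's own code: a plain-PHP model of the server-side session record described in posts #2 and #4, where flash messages and the user_id share one record and the access filter tests for user_id rather than for the existence of a session. The class, function names and sample values are constructed for illustration.

```php
<?php
// Constructed model of a server-side session store (assumption: not CodeIgniter's implementation).
final class SessionStore
{
    private array $rows = []; // session id => record; stands in for the database table

    public function create(): string
    {
        $id = bin2hex(random_bytes(16)); // opaque key: the only value the cookie carries
        $this->rows[$id] = ['data' => [], 'flash' => []];
        return $id;
    }

    public function set(string $id, string $key, $value): void
    {
        $this->rows[$id]['data'][$key] = $value;
    }

    public function get(string $id, string $key)
    {
        return $this->rows[$id]['data'][$key] ?? null; // unknown id or key yields null
    }

    public function setFlash(string $id, string $msg): void
    {
        $this->rows[$id]['flash'][] = $msg; // kept server-side, never sent in the cookie
    }

    // Flash messages are handed out once, then dropped from the record.
    public function takeFlash(string $id): array
    {
        $msgs = $this->rows[$id]['flash'] ?? [];
        if (isset($this->rows[$id])) { $this->rows[$id]['flash'] = []; }
        return $msgs;
    }
}

// Access filter: "logged in" means the record holds a user_id, not merely that a session exists.
function isAuthenticated(SessionStore $s, ?string $cookie): bool
{
    return $cookie !== null && $s->get($cookie, 'user_id') !== null;
}

$store  = new SessionStore();
$cookie = $store->create();                          // anonymous visitor gets a session
$store->setFlash($cookie, 'Please log in first.');   // session now exists for a message only
var_dump(isAuthenticated($store, $cookie));          // filter result before login
$store->set($cookie, 'user_id', 42);                 // constructed id, set after a successful login
var_dump(isAuthenticated($store, $cookie));          // filter result after login
var_dump($store->takeFlash($cookie), $store->takeFlash($cookie)); // second read is empty
```
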
#5

[eluser]Ajaxian64[/eluser]
Thanks



