session class of CI

[eluser]vas13[/eluser]
Hi to all,

While I am developing my web blog I I wanted to add session into my site.

More precisely, I have implemented a captcha class that creates automatically an image so the user needs to give the confirmation string in order to be able to post a comment. As you understand I need a session mechanism so that once my program produced the confirmation string and the captcha image and send it back to the user. The user gives the string and via session cookie I retrieve locally the confirmation string which I use to evaluate it against user's input.

I read Session class provided by CI but the mechanism is a cookie one. If Understood right, a cookie is created as an associative array, you can add more elements on it but the fact is that all those data are stored in a cookie which is going to be returned back to the user.

I don't understand why CI uses the name Session for this class???

I don't want the data to be stored on the client side. I would like to store the data natively on my server and only a cookie containing a session id to be stored on the client side. Which is exactly what PHP's session mechanism provide.

Does CI provide something similar to the above??? in your case what do you do?


I appreciate any feedback from the community

Thanks in advance

V.F

[eluser]LuckyFella73[/eluser]

I would like to store the data natively on my server and only a cookie containing a session id to be stored on the client side.

Did you read the userguide section "Session Class" ? All you want to know is written
on that page. You can switch between saving all data into a cookie or database.
Set the switch in config.php and don't forget to define a session key, encrypt
session data and set up the DB table. There is even a sql block provided to help
you create the table.

In case you want to check out the build-in captcha plugin, have a look into the
plugin folder (up to Codeigniter Version 1.7.2).

[eluser]vas13[/eluser]
[quote author="LuckyFella73" date="1287692049"]

I would like to store the data natively on my server and only a cookie containing a session id to be stored on the client side.

Did you read the userguide section "Session Class" ? All you want to know is written
on that page. You can switch between saving all data into a cookie or database.
Set the switch in config.php and don't forget to define a session key, encrypt
session data and set up the DB table. There is even a sql block provided to help
you create the table.

In case you want to check out the build-in captcha plugin, have a look into the
plugin folder (up to Codeigniter Version 1.7.2).[/quote]

If I choose to store the session data into a DB table what is going to happen with the cookie file from the client's part. I think that user's cookie will still have all the date something that I want to avoid. I wish all the session data to be stored only at the server side.

Let me give it a try and I will tell you.

Thanks for your response

[eluser]InsiteFX[/eluser]
Why not just use the cookie helper and create your cookie!

InsiteFX

[eluser]WanWizard[/eluser]
@vas13,

If you use database based sessions, NO user data is sent to the client. This is clearly stated in the user guide.

The session cookie only contains the session ID, and other parameters you have configured to make the ID more unique (like IP and user_agent). The session cookie is also encrypted (always activate this!), so even if someone snoops around, they won't be able to see anything.

[eluser]vas13[/eluser]
Hi to all again,

I have finally chosen to use the build in Session mechanism provided by PHP. I just didn't want to create a table into a DB holding this way the confirmation string at the server side.

Having studied recently PHP, I would like to ask you, the approach I followed regarding where to delete the session data stored at my server. I know it's more a PHP question and not that much related to CI but I think it's worth discussing it anyways .

I have 2 pages (article_controller, contact_me controller) which contains a captcha image. As a result on those pages (controllers) I create a new session at their constructors.

The question I have it's where to delete this session (I am talking about the file created automatically by PHP) and at the same time where to delete the captcha image.

in the constructor of the above 2 controllers I have the following code

Code:

session_start();
if(isset($_SESSION['captcha_full_path']))
{     if(!unlink($_SESSION['captcha_full_path']))
         die("you can't delete the captcha files <br />");
}

So in case a user click on the refresh button or it gives an error verification code the old captcha file can be efficiently deleted.

Afterwards, inside the constructors of all the other pages I've written the following code

Code:

session_start();
if(isset($_SESSION['captcha_full_path']))
{     if(!unlink($_SESSION['captcha_full_path']))
          die("you can't delete the captcha files <br />");
            
          $_SESSION[]=array();
}
session_destroy();

So in case that the user goes to a page after having been on a page containing captcha --> the session data will be loaded to the superglobal array $_SESSION, I will delete the image and after that I will delete the session file.
Otherwise, PHP just create and delete a session file.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++

My above solution it clears everything both session files created by PHP & captcha images. But It has the disadvantage of creating and deleting a session file every time a user visits a page which dosn't contain Captcha image.

How do you find my approach?? I look forward hearing ideas and thoughts.

Lastly, as for the data stored in every session I create are:

Code:

$_SESSION['confirmation_string']
$_SESSION['captcha_full_path']