CI Session Encryption and Database Field Length

[eluser]Paul Skinner[/eluser]
Also, as you were being a bit of a pedant about one of my sentences earlier I'd like to point out that:

[quote author="InsiteFX" date="1300493068"]NO! user_data form the session user_data field is stored in the session cookie![/quote] technically means that it *is* stored in the session cookie, but I understood anyway.

[eluser]guidorossi[/eluser]
Well, I think that the user_data IS stored in the session cookie...

You can check this by not encypting the session data and see the content of the cookie in the browser...

[eluser]InsiteFX[/eluser]
It is only stored in the session cookie if you are not using database sessions!

And a cookie can only hold 4Kb now calculate that out using utf8.

InsiteFX

[eluser]InsiteFX[/eluser]
Now you tell me how you can read my session cookie when I am using database sessions with a 32-bit encryption key!

Code:

NAME  cisession
VALUE  tlrfDUGwqRP7CzRu7iLUd+yF+J7JjSvyKG/aVadGVbzSujCA/1dBq98j8CfbHcK1c9Px7c6IhlpQpZsnDgf8rDTbYJyZhzThvL+4n+lHuA/JvPVAqNQqw6ledgEcSdkekxn+Cu7eqBgPgpRd6ZT93kmm7mLS2E8AkFVB9nsJjowNEPrwIQEKNfCHmyKa1EKMLWNeQy/OKNhuG/OeWk2G5GLIpNTmVraNa6x/u6WODDO7Cy58U9ME9pgzEpY2iAMIl1GvNp1QiKwR2b/SnH/MB25HtpkHgfeIWQ0k2xiwQl6k5j8B3qJW27K+8mPkQt2SYul7kinxTvmlHl1f2Wqk9Q==
DOMAIN  localhost
PATH  /
EXPIRES  3/19/2011 12:30:02 AM

InsiteFX

[eluser]InsiteFX[/eluser]
And here is my session cookie with encryption turned off but using database sessions!

Code:

NAME  cisession
VALUE  a:4:{s:10:"session_id";s:32:"e0ed785173bddae7fe0df9311f875901";s:10:"ip_address";s:9:"127.0.0.1";s:10:"user_agent";s:50:"Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;";s:13:"last_activity";i:1300502195;}6f887b31608ecc551ea62454ae59918f
DOMAIN  localhost
PATH  /
EXPIRES  3/19/2011 12:36:48 AM

So you show me were my user_data is!

That should clear it all up! Use database sessions period!

InsiteFX

[eluser]guidorossi[/eluser]
well...obviously if you're using encryption you can't read the cookie, but try with no encryption...

You can print

Code:

print_r(get_cookie('ci_session'));

[eluser]InsiteFX[/eluser]
I just posted above with no encryption!

You will only see the user_data if you only use session cookies without encryption!

InsiteFX

[eluser]guidorossi[/eluser]
[quote author="InsiteFX" date="1300520488"]I just posted above with no encryption!

You will only see the user_data if you only use session cookies without encryption!

InsiteFX[/quote]

Sorry, my mistake....
I think you meant without database, but I understand...

I misunderstood the user_data thing... I was thinking about ip, browser, activity date, etc...

Now I understand that you meant the database field with the custom user data saved.

Sorry. You're right about that

[eluser]InsiteFX[/eluser]
I always use database sessions because it doe's not store the user_data in the cookie and I always use a 32-bit encryption key.

InsiteFX