My session is now BOTH a cookie and in the DB after a3m implementation
#1

[eluser]boltsabre[/eluser]
Hi guys,

I had my sessions set up to use the database, not the native CI cookie solution. This is my current config settings:

Code:
$config['sess_cookie_name'] = 'cisession';
$config['sess_expiration'] = 1800; // 30 mins
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'zzz_ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;

I'd built my own login/logout scripts, and when using the Firefox plugin Webmaster Tools "Clear Session Cookies" it used to completely clear the session, and doing a refresh of the page would redirect me back out of restricted areas, display the "login or register" message, etc.

Now I've just implemented a3m marshmallow on my CI2 website (development), and now I have to also "Delete Domain Cookies" to get my user logged out - I now have my session details writing to the session table AND being stored as a cookie.

Anyone care to wager a guess what's going on here??? Could it be that I've moved from my xampp local host to a virtual host, or something else, I'm completely stumped as I didn't change anything to do with my sessions...
#2

[eluser]boltsabre[/eluser]
bump... anyone got any ideas???
#3

[eluser]cartalot[/eluser]
unless i'm not understanding you --
the CI session always uses a cookie
using a database for session is optional -- it provides more storage space than a cookie
( unless you have a session id in your links, a cookie is the only way to keep track across pages)

to completely end a CI session you just need this in your controller

Code:
$this->session->sess_destroy();

or to unset a specific item like 'login'
Code:
$this->session->unset_userdata('login');
#4

[eluser]WanWizard[/eluser]
Any session mechanism will always use a cookie.

It's the only way (apart from passing an id as a GET variable in the URL) to maintain state in a stateless environment...
#5

[eluser]CroNiX[/eluser]
The session details get stored in the database. The cookie (should) only have the session ID stored in it if you use database sessions, although it would be encrypted. This is needed so your app can get the correct data from the session table between page loads (get session ID from cookie, retrieve database where session id is equal to session id in the cookie).

Using session::sess_destroy() when logging out should remove the cookie as well as the session data from the database for that user's session instance.
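
The lookup and logout behaviour described in post #5, as an added example that is not part of the original thread and is not CodeIgniter's own Session code. It is a simplified plain-PHP model: arrays stand in for the session table and the browser's cookie jar, and the `model_*` function names are hypothetical.

```php
<?php
// Simplified model of a database-backed session; not CodeIgniter's Session class.
// $table stands in for the session table, $cookies for the browser's cookie jar.
const SESS_EXPIRATION = 1800; // seconds, matching sess_expiration in the first post

function model_create(array &$table, array &$cookies, string $ua, array $data): void
{
    $id = bin2hex(random_bytes(16)); // opaque, unguessable session id
    $table[$id] = ['user_agent' => $ua, 'last_activity' => time(), 'user_data' => $data];
    $cookies['cisession'] = $id; // the cookie carries only the id
}

function model_read(array &$table, array $cookies, string $ua): ?array
{
    $id = $cookies['cisession'] ?? null;
    if ($id === null || !isset($table[$id])) {
        return null; // no cookie, or no matching row
    }
    $row = $table[$id];
    $expired = (time() - $row['last_activity']) > SESS_EXPIRATION;
    if ($expired || !hash_equals($row['user_agent'], $ua)) {
        unset($table[$id]); // drop stale or mismatched sessions
        return null;
    }
    $table[$id]['last_activity'] = time();
    return $row['user_data'];
}

function model_destroy(array &$table, array &$cookies): void
{
    if (isset($cookies['cisession'])) {
        unset($table[$cookies['cisession']]); // remove the server-side row
    }
    unset($cookies['cisession']); // and expire the cookie
}

// Constructed walk-through.
$table = [];
$cookies = [];
$ua = 'ExampleBrowser/1.0';
model_create($table, $cookies, $ua, ['login' => 'example_user']);
$retained = $cookies; // a copy of the cookie that logout never clears
var_dump(model_read($table, $cookies, $ua) !== null);  // lookup by id from the cookie
model_destroy($table, $cookies);
var_dump(model_read($table, $retained, $ua) === null); // id no longer has a row
```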



