Removing ci_session

[eluser]Daniel Samuels[/eluser]
Hello,

With the UK Cookie Laws now coming into place in the UK, we're looking at removing any unnecessary cookies from our system. We've noticed that CodeIgniter sets a ci_session cookie on every request, or at least re-sets it if you delete it. What does this cookie actually do? Is it required for any particular aspects of using the framework, are there libraries, helpers or models which depend on it? Is there a way to disable it?

Thanks,
Daniel.

[eluser]Samus[/eluser]
[quote author="Daniel Samuels" date="1339498605"]Hello,

With the UK Cookie Laws now coming into place in the UK, we're looking at removing any unnecessary cookies from our system. We've noticed that CodeIgniter sets a ci_session cookie on every request, or at least re-sets it if you delete it. What does this cookie actually do? Is it required for any particular aspects of using the framework, are there libraries, helpers or models which depend on it? Is there a way to disable it?

Thanks,
Daniel.[/quote]
it's only needed if your site uses sessions.

i.e if you have a user base which can register and log into your website

EDIT: I honestly don't think all 'cookies' breach that law, I believe it's only in the situation of when a site uses cookies to track a user.

[eluser]Daniel Samuels[/eluser]
We use our own user authentication system, which makes use of cookies. The problem I have is that I can't find a way of stopping ci_session from getting set, even setting the name of it to nothing still causes it to be set, but with a blank name.

[eluser]Samus[/eluser]
[quote author="Daniel Samuels" date="1339506202"]We use our own user authentication system, which makes use of cookies. The problem I have is that I can't find a way of stopping ci_session from getting set, even setting the name of it to nothing still causes it to be set, but with a blank name.[/quote]
Two ways.

First you need to find where it's being loaded.

That can either be in application/config/autoload.php

or from within one of your controllers.

If it's in autoload.php just scroll down until you see something like '$autoload['libraries']' then remove 'session' from the array

if it's in your controller, it'll look something like '$this->load->library('session');' just remove that

But bare in mind, if your site is using ci sessions, this will break your authentication system

[eluser]Daniel Samuels[/eluser]
Yup, removing session from autoload.php got it - not sure how I managed to miss that honestly. Unfortunately it does look like we use flashdata which relies on the session library.
While the cookies are not 'illegal', we just need to put a list together of the cookies which are used and explain what they do, removing any unneeded cookies in the process - it's a nice way to tidy up our cookies.

Thanks for your help.

[eluser]skunkbad[/eluser]
In Community Auth I was able to come up with a solution that allows me to autoload the session library, but have it not set a cookie unless there is a need to. I'm on my stupid iPad, or I'd point you to some specific code.

[eluser]skunkbad[/eluser]
Here is the commit:
https://bitbucket.org/skunkbad/community...c1632a7eb0