Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Advantages/Disadvantages of using $_SESSION instead of cookies
Advantages/Disadvantages of using $_SESSION instead of cookies
  • El Forum
    Guest
  •  
#1
11-02-2012, 12:51 AM

[eluser]Florian Müller[/eluser]
Hi CodeIgniter's!

First of all (this is my first post) I wanted to thank you for your great Framework! It makes work so much easier Wink

But now, I've got a question about the provided Session Library (I am sure this question may have been discussed already, but I didn't find a Topic to that):

Why is the Session Library using Cookies instead of PHP's native session?

As you described here (http://ellislab.com/codeigniter/user-gui...sions.html), using cookies is "offering more flexibility for developers.". How is that meant?
As I recently developped my last site, I struggled over the Cookie Limit of 4KB, on which I had some time to find out it was the problem...

Just in this context: My Session Data may have more than 4KB of data, so I am going to change that just for myself. Only to ask - would it be enought to overwrite just userdata() and set_userdata(), or do I have to check the whole Library?

Thank you so much for your Answers!

Regards from Switzerland,

Florian
  • El Forum
    Guest
  •  
#2
11-02-2012, 10:03 AM

[eluser]WanWizard[/eluser]
This is an apples and pears discussion.

A cookie is a small piece of data stored client-side, and exchanged between server and client on each request and response. A session is (usually) server side storage to maintain application state in a stateless environment.

To be able to maintain state, the application needs to be able to determine which session data belongs to which session. And to do so, it uses a session id which is stored in a cookie. No matter what session solution you use, this mechanism is always used (there are some alternatives which store the session id in the query string, but that's not really a good solution).

CI has the option to store session data in the cookie so you don't need to use any server side storage. This can be required if you're in a situation that hasn't got any. As the cookie is encrypted, it's also more secure that using PHP sessions on a poorly configured shared server (which you won't know until your application gets hacked).

As CI is meant to be as flexible as possible, and run on a huge range of different setups without (much) configuration, CI comes out of the box with cookie based sessions enabled (as that is they only option without server dependencies).

This doesn't mean it's the best option to use. In most cases, server side storage is a better solution, and which one depends on your situation, your server environment, and the applications requirements. This could be file based, database based, or a solution like Redis or Memcached.

To do so (except for database storage) you currently require third party solutions. In the next CI version, the session backend will be driver based, so you can use a driver that talks to whatever backend you want.
  • El Forum
    Guest
  •  
#3
11-05-2012, 06:02 AM

[eluser]Florian Müller[/eluser]
[quote author="WanWizard" date="1351875797"]In the next CI version, the session backend will be driver based, so you can use a driver that talks to whatever backend you want.[/quote]

Is there any information available, when this version will be rolled out?




Theme © iAndrew 2016 - Forum software by © MyBB