[eluser]Sandro87[/eluser]
Let's say the static configuration has this
Code:
$config['sess_expiration'] = 7200;
$config['sess_expire_on_close'] = FALSE;
but you dynamically set a session cookie to last longer if the user has set a "remember me" feature inside your app
Code:
if ($this->input->post('remember_me')) {
$this->session->sess_expiration = 0;
}
Exploring the Session class I noticed this code inside _sess_gc()
Code:
$expire = $this->now - $this->sess_expiration;
$this->CI->db->where("last_activity < {$expire}");
$this->CI->db->delete($this->sess_table_name);
if $this->session_expiration comes from the global config wouldn't this mean that sessions manually set to never expire will eventually get deleted by the garbage collector thus making your "remember me" feature useless?
Do you know another way to keep using dynamic expiration with the GC to delete actual expired session only? Do I need to extend with custom classes?
Or do you think it's best practice to create a custom session/cookie class dedicated to persistent login?
I thought since the session is already there (and secure) why not use it?
It's basically GC that can ruin everything.