Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Will codeigniter delete old sessions with dynamic expiration?
Will codeigniter delete old sessions with dynamic expiration?
  • El Forum
    Guest
  •  
#1
02-04-2013, 05:28 AM

[eluser]Sandro87[/eluser]
Let's say the static configuration has this
Code:
$config['sess_expiration']      = 7200;
$config['sess_expire_on_close'] = FALSE;

but you dynamically set a session cookie to last longer if the user has set a "remember me" feature inside your app

Code:
if ($this->input->post('remember_me')) {
                $this->session->sess_expiration = 0;
}

Exploring the Session class I noticed this code inside _sess_gc()

Code:
$expire = $this->now - $this->sess_expiration;

$this->CI->db->where("last_activity < {$expire}");
$this->CI->db->delete($this->sess_table_name);
if $this->session_expiration comes from the global config wouldn't this mean that sessions manually set to never expire will eventually get deleted by the garbage collector thus making your "remember me" feature useless?

Do you know another way to keep using dynamic expiration with the GC to delete actual expired session only? Do I need to extend with custom classes?
Or do you think it's best practice to create a custom session/cookie class dedicated to persistent login?
I thought since the session is already there (and secure) why not use it? Tongue It's basically GC that can ruin everything.
  • El Forum
    Guest
  •  
#2
02-04-2013, 11:13 AM

[eluser]InsiteFX[/eluser]
I just use a remember me cookie and always destroy the sessions on browser close.

If the cookie exists on the client system then I log the user back in.
  • El Forum
    Guest
  •  
#3
02-04-2013, 11:30 AM

[eluser]Harold Villacorte[/eluser]
Have you tried dynamically changing the [sess_table_name] and using a separate table for "remember me" data?
  • El Forum
    Guest
  •  
#4
02-04-2013, 11:37 AM

[eluser]Sandro87[/eluser]
[quote author="Harold Villacorte" date="1360002657"]Have you tried dynamically changing the [sess_table_name] and using a separate table for "remember me" data?[/quote]

I haven't tried that but I guess I'm just gonna develop a standalone method with cookies while still using the built-in sessions.
  • El Forum
    Guest
  •  
#5
02-04-2013, 12:19 PM

[eluser]Harold Villacorte[/eluser]
Just so we are both clear on what I meant, I was talking about something like this:
Code:
if ($this->input->post('remember_me')) {
    $this->session->sess_table_name = 'ci_sessions_remember';
    $this->session->sess_cookie_name = 'ci_session_remember';
    $this->session->sess_expiration = 0;
    $this->session->set_userdata('set_persistent_data_here');
}
CI won't know anything about this table until you run that code. You can also dynamically change config array items like this:
Code:
$this->config->set_item('item_name', 'item_value');
Cheers.
  • El Forum
    Guest
  •  
#6
02-04-2013, 01:08 PM

[eluser]Sandro87[/eluser]
Yes I got it but since to act on the new table I have to develop some code anyway I'll just use cookies and connect them internally to standard sessions.

Basically a "login token" method.
  • El Forum
    Guest
  •  
#7
02-04-2013, 01:47 PM

[eluser]Harold Villacorte[/eluser]
Well I have no idea what your application looks like, but I do believe what I am suggesting is an easy and secure way of creating a new cookie. Cheers eh.




Theme © iAndrew 2016 - Forum software by © MyBB