Welcome Guest, Not a member yet? Register   Sign In
Do Codeigniter people simply have no f*cking clue?
#1

[eluser]behnampmdg3[/eluser]
Don't get me wrong. I am just quoting. I am a big CI fan but this is the third time I am running into something like this. If there is anyone who can do reply to this guy in It's Devshed Forum, then write something. My whole business is based on sessions!
Code:
$config['sess_cookie_name']        = 'ci_ses_C-FlatmateSES';
$config['sess_expiration']        = 720000;
$config['sess_expire_on_close']    = FALSE;
$config['sess_encrypt_cookie']    = TRUE;
$config['sess_use_database']    = FALSE;
$config['sess_table_name']        = 'ci_ses_C-FlatmateSES';
$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent']    = TRUE;
$config['sess_time_to_update']    = 300;
Quote:If CI lets you use standard sessions instead of their homegrown stuff, please do that. I haven't read the whole code, but what I've seen is f*cked up badly. They don't even lock the sessions to prevent concurrent requests from trampling each other. The so called "encryption" is also one of worst things I've seen in this area. The so called "key" is derived from the serialized session parameters (session ID, IP address etc.). And after they've made sure to screw up every aspect of cryptography (they even halve the key length), they store this very key data next to the "encrypted" data. What-the-f*ck?

This isn't a key under the doormat. It's a key in the door lock with a sign saying "I'm on vacation for the whole year".

Was the NSA involved in the development of CI? Is this the next Dual Elliptic Curve Deterministic Random Bit Generator? Or do those people simply have no f*cking clue?

For the future, consider using a different framework ...


It's here
#2

[eluser]InsiteFX[/eluser]
1) For one I told you before that if you have an underscore in the session cookie name that all your clients that are using IE web browsers will fail!

2) Nothing say's that you have to use CI Session's use what ever you want!

I have used CI Session's since 2009 and have never had a problem with them outside of what I stated above about IE. IE converts the underscore to a tab char, that's why it wont work!

If you do not like CI then find another framework.
#3

[eluser]Narf[/eluser]
The Session library does indeed have many flaws.
CI 3.0 will fix quite a lot of them and also introduce a "native" driver that utilizes PHP's own basic sessions.
No, the NSA was not involved - whoever wrote the session library years ago just didn't do it properly, the only reason it is being kept is for backwards compatibility.

@InsiteFX

The underscore problem is fiction, IE has no problems with it. This confusion comes from a MS support reply to somebody who did have a problem with underscores, but in the cookie_domain, not the name. This is completely natural as underscores are not allowed in domain names.
If you had a problem with underscores and it got "resolved" by removing the underscore from the cookie name, then it was simply a name collision and nothing else.
#4

[eluser]jonez[/eluser]
[quote author="Narf" date="1389812095"]CI 3.0 will fix quite a lot of them and also introduce a "native" driver that utilizes PHP's own basic sessions.[/quote]
The native session driver in CI3 is awesome. Kudos to whoever wrote that.

Quote:I have used CI Session’s since 2009 and have never had a problem with them outside of what I stated above about IE.
If you try to write a single page app behind a login you will have problems in 2.x. CI3's native driver fixed all of the issues I had in 2.x.

@behnampmdg3 I've never found cookies reliable for complex data (sessions or anything else). Using database sessions is better then cookies, but CI3 native is better then both.
#5

[eluser]Alucemet[/eluser]
It is probably your code, and not CI that is giving you problems. Like InsiteFX and many others, I've been using CI sessions for years without problems.
#6

[eluser]jmadsen[/eluser]
Virtually everyone I have ever known who has a large application, or a more complicated setup, has had issues with CI sessions & been forced to do a major rewrite or simply replace the library. (ex - I believe race conditions have not been fully sorted out, although Narf may have dealt with that in 3.0 - haven't looked closely at that library yet)

I think this is a fundamental flaw of CI that wasn't obvious until recently (although it had been discussed for a long time) - the Core Team is forced to be an expert on everything, rather than just simply finding the best session library available and using it. Therefore no matter how smart and dedicated thet are, CI is never getting the best possible.

I say this not to slam the CI core team, but to help explain to people the recent love affair with "component frameworks" or whatever you want to call them
#7

[eluser]behnampmdg3[/eluser]
Where do you guys read about CI3 ?
Where is the docs?
When will it be out?

Thanks
#8

[eluser]InsiteFX[/eluser]
CI 3.0
#9

[eluser]behnampmdg3[/eluser]
[quote author="InsiteFX" date="1390344345"]CI 3.0[/quote]Thank you. What does this mean when it says it is not stable?

Thanks
#10

[eluser]ivantcholakov[/eluser]
@behnampmdg3

[quote author="behnampmdg3" date="1390344040"]Where do you guys read about CI3 ?
Where is the docs?
When will it be out?

Thanks[/quote]

Documentation for CI 3.0 at the moment:

https://github.com/EllisLab/CodeIgniter/..._guide_src

https://github.com/EllisLab/CodeIgniter/...src/source

When CI 3.0 will be out - nobody knows for sure.

Quote:Thank you. What does this mean when it says it is not stable?

As code quality CI 3.0 is actually stable (my personal experience, I don't use CI 2.x).

It is formally unstable, there is no official release. So I accepted the situation that some new features (or relatively big changes) might appear at any moment, and that may require some refactoring in my projects.




Theme © iAndrew 2016 - Forum software by © MyBB