Login

natefrogg028 · 12-30-2015, 05:06 PM

Hi,

This might be one for the admins/devs at BCIT but I'm confused about the apparent backtrack in the way we're handling session data from v2 to v3.

As far as I was aware when using v2, best practice was to use the Session Class for everything (creating, amending, reading, deleting/unsetting). In fact the documentation evens reads "Note: The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers."

However when reading the new documentation it looks like we're being given two options (support for the old v2 way and hinting at using the traditional method [$_SESSION]) - this makes me think that by the time the next big release comes out we'll be expected to use only $_SESSIONs. I'm fine with this, just wondering if I could get some clarification on the subject?

As far as I can tell from looking through the new docs, this class has had the biggest overhaul.

Thanks for any contributions.

skunkbad · 12-30-2015, 05:51 PM

It is my understanding that in v3 the session handing is done through php sessions, but that the way it is implemented it can be switched from a file based session, which is what I think you are familiar with, to other types of sessions. For instance, when you use database based sessions, php sessions are simply handled differently, writing to the database instead of a file. If I'm wrong about this, then somebody will probably correct me.

Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3

***kilishan*** · 12-30-2015, 09:33 PM

In CI2, the Session library was simply another class that was used instead of PHP sessions, IIRC. In CI3, the native PHP session handling functions are used behind the scenes, and the Session library adds additional features on top of it, like Flash and Temp session variables, etc.

However, it's not using native PHP sessions in the way that I believe you're thinking about it. Instead, session_set_save_handler is used to specify one of the drivers should be used to handle the saving and retrieving of session values. Because PHP knows about the class, though, you can use $_SESSION just fine, once the session has been started.

Support Development • CodeIgniter 4 Foundations • Practical CodeIgniter 3 • CodeIgniter Tutorials

natefrogg028 · 12-31-2015, 04:41 AM

Good morning - After a frustrating sleep filled with CI libraries and php tags I think I've got my head around it all.
i think the main issue with my misunderstanding is that I've not read the docs thoroughly enough, or the good people at BCIT haven't explained the change in enough detail. (That said, it may have been covered in a change log, but I don't really read those)
It's one of those strange thing where it works, and I just wanted to understand HOW it worked. I think I was looking for something more than native PHP sessions.

TL Big Grin

R; use PHP sessions, CI online and inline docs/comments should be updated a bit.

mike7418 · 12-31-2015, 05:06 AM

I'm running CI v.3.03 confusing is an understatement. I have the session library autoloaded, I get the session set but it's not holding through the site. I have a login, once you are authenticated it sets session variables to state your logged in. but once you redirect to the page the person logged in from the sessions are gone? I've done everything I can think of, I check session state through every line of code right up to where it redirects then the session variables get dropped. CI's own session handler in these later versions is a real pain. I understand the theory of why they have changed it, but it doesn't make the session class any easier to work with.

natefrogg028 · 12-31-2015, 10:29 AM

Mike,
Haven't had time to look into your problem but off the top of my head, are you trying to use the database driver? And if so, have you correctly set the table name (and created it for that matter?)

mwhitney · 12-31-2015, 11:37 AM

For the most part, the biggest changes that impact use of the session library are in the configuration of the library, and the changes to the database structure if you use the session library's database driver. The documentation covers the changes pretty well here: https://codeigniter.com/user_guide/insta...rary-usage

Otherwise, there may have been some changes to undocumented methods in the session library, but the documented methods largely still work (and the changes to the documented methods are noted at the link above). Most people have to make very few (if any) changes to their code unless they are preparing for the removal of deprecated methods which may occur in some future version of CI3, or they used the undocumented methods in the CI2 session library.

Perhaps the biggest exception here would be when using the session library's database driver, which doesn't work well with certain database settings if you're using the same database connection for your site's other database use. For example, persistent connections are not supported, and you would need to be careful with query builder caching if you're mixing other database use and session access.

Bonfire

Practical CodeIgniter 3
CodeIgniter Testing Guide

mike7418 · 12-31-2015, 04:06 PM

(12-31-2015, 10:29 AM)natefrogg028 Wrote: Mike,
Haven't had time to look into your problem but off the top of my head, are you trying to use the database driver? And if so, have you correctly set the table name (and created it for that matter?)

Nate Yes I am using the database driver, here is the config for it.

Code:
$config['sess_driver'] = 'database';

$config['sess_cookie_name'] = 'ci_session';

$config['sess_expiration'] = 3600;

$config['sess_save_path'] = 'ci_sessions';

$config['sess_match_ip'] = FALSE;

$config['sess_time_to_update'] = 300;

$config['sess_regenerate_destroy'] = FALSE;

And I used the standard DB table

Code:
CREATE TABLE IF NOT EXISTS `ci_sessions` (

        `id` varchar(40) NOT NULL,

        `ip_address` varchar(45) NOT NULL,

        `timestamp` int(10) unsigned DEFAULT 0 NOT NULL,

        `data` blob NOT NULL,

        KEY `ci_sessions_timestamp` (`timestamp`)

);

What I am looking at now is if there is something in the php.ini that I should be looking for under sessions?

This is the code i am working with. I can check session state and is keeping it right up until I do the redirect to the page that they logged in from. When I check session state at the beginning of the return page, the only variable showing is the session id, and it is the same session id from the last check state before the redirect?

PHP Code:
function authenticate($username, $password, $page) {
        // $this->load->model ( 'Db_model' );
        
        // query the db and send back result
        $authenticate = $this->authenticate_user ( $username, $password );
        // print_r($authenticate);
        if (is_array ( $authenticate )) {
            // echo 'returned from authenticating';
            // set session values
            $this->set_session_values ( $authenticate );
             var_dump($this->session->all_userdata());
            // session_commit();
            if (isset ( $_SESSION ['user_id'] )) {
                // $msg = "Sessions were set correctly";
                // $this->do_alert($msg);
                redirect ( base_url ( $page ), 'location', 301 );
            } else {
                $msg = "Error: Sessions were not set correctly.";
                $this->do_alert ( $msg );
            }
        } elseif (preg_match ( '/\bError\b/i', $authenticate )) {
            $this->do_alert ( $authenticate );
            ;
        }
    }
    function authenticate_user($username, $password) {
        // echo 'inside of authenticate_user';
        // CALL `mike7418_greyhorse`.`sp_authenticate`(<{in_username VARCHAR(16)}>, <{in_password VARCHAR(255)}>);
        $auth = $this->db->query ( "CALL sp_authenticate('{$username}')" );
        $crypt = $this->config->item ( 'encryption_key' );
        if ($auth->num_rows () > 0) {
            // foreach ( $auth->result () as $key ) {
            // $pwd = $this->encrypt->decode ( $key->password, $crypt );
            // print $pwd;
            // $pattern = '/\b' . $password . '\b/i';
            $key = $auth->row ();
            if (password_verify ( $password, $key->password )) {
                 echo "Password matched";
                if ($key->active == 0) {
                    return 'Error: Member account is not currently active.';
                } elseif ($key->blocked == 1) {
                    return 'Error: Member account has been blocked. Please contact customer service for further information';
                }
                $session = array (
                        'user_id' => $key->user_id,
                        'firstname' => $key->firstname,
                        'state' => $key->state,
                        'zipcode' => $key->zipcode,
                        'active' => $key->active,
                        'user_role' => $key->user_role,
                        'sess_expiration' => 3600 
                );
                $auth->free_result ();
                return $session;
            } else {
                return "Error: Password entered does not match";
            }
            // }
        } else {
            return 'Error: Authentication failed, please try again';
        }
    } 

***Narf*** · 12-31-2015, 08:21 PM

Oh, FFS, do we really have to replicate the whole thread here?