Session IDs

#1
[eluser]pickledegg2[/eluser]
I'm creating an app that remembers info about someone using a session; there's no login, so I'm using the session id in a table.

My question is: Is it good practice to use session ids in databases as a user id? I'm thinking it's fine, but I thought I'd check.

#2
[eluser]Lone[/eluser]
Be very very careful of the 'sess_time_to_update' setting, as the session id does change by standard after 300 seconds for security reasons (to make it harder to session hijack). This is the time the session id will actually last from the time it is generated.

Whilst this is a good security feature IMO, it does make it difficult and unwise to depend on a session id staying the same.

#3
[eluser]pickledegg2[/eluser]
Is that just for CI sessions though, or does it affect native PHP sessions? I'm using the latter.

#4
[eluser]Lone[/eluser]
Just for CI sessions, that's correct. The native ones aren't affected by this issue; however, be careful, as native ones don't usually last that long at times either after not being in use (27 minutes or something weird from memory?)

#5
[eluser]pickledegg2[/eluser]
Thanks for your help, Lone, much appreciated. I'm not too fussed about the fact that they may expire for this application; it's more of a bonus than a necessity.

Thanks
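
An added example, not part of the thread: instead of keying rows on the session id, which rotates when the id is regenerated and is itself a live credential sitting in the table, keep a random visitor key inside the session data and key the rows on that. The function names, the `visitor_info` table and the in-memory SQLite database via PDO (needs `pdo_sqlite`, run from the CLI) are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Stable per-visitor key kept in the session data (hypothetical helper).
function visitor_key(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!isset($_SESSION['visitor_key'])) {
        // 128 bits from the CSPRNG; never derived from the session id.
        $_SESSION['visitor_key'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['visitor_key'];
}

// Store the remembered info for this visitor (SQLite upsert syntax).
function remember(PDO $db, string $info): void
{
    $stmt = $db->prepare(
        'INSERT OR REPLACE INTO visitor_info (visitor_key, info) VALUES (:k, :i)'
    );
    $stmt->execute([':k' => visitor_key(), ':i' => $info]);
}

// Look up the remembered info, or null if this visitor has none.
function recall(PDO $db): ?string
{
    $stmt = $db->prepare('SELECT info FROM visitor_info WHERE visitor_key = :k');
    $stmt->execute([':k' => visitor_key()]);
    $info = $stmt->fetchColumn();
    return $info === false ? null : (string) $info;
}

// Demonstration: rotate the session id and look the row up again.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitor_info (visitor_key TEXT PRIMARY KEY, info TEXT)');

remember($db, 'prefers dark theme');   // constructed sample value
$before = session_id();
session_regenerate_id(true);           // same effect as a timed id rotation
$after = session_id();

var_dump($before !== $after);          // compares the id before and after
var_dump(recall($db));                 // lookup uses visitor_key, not the id
```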

