Hi

I'm relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP's $_SESSION variable to this end. However, CI seems to have its own session mechanism, which it claims is "better".

CI's session mechanism seems to store all the data in a cookie? Personally I like the idea of all the data being stored on the server, accessed with a cookie-key like PHP's native session mechanism... Am I being dumb thinking that's better? Should I just accept CI's mechanism? Or should I go ahead and use native PHP sessions?

What do you guys do?

Thanks,
Mala

+1  A: 

The manual says more flexibility rather than better ;-)

I presume the main benefit of CodeIgniter's session class is that it integrates with the framework and it offers some extra functionality, such as IP address tracking and what it calls flashdata (session data that's erased as soon as it's read). If you are using a framework in the first place that means these options may be attractive for you.

Whatever, you can also save session data into a database:

http://codeigniter.com/user_guide/libraries/sessions.html

Álvaro G. Vicario
+4  A: 

In my experience with CI I've encountered some anomalies with its sessions, but for most day-to-day needs the library is good and easy to work with. As it was pointed out, Flashdata is a very nice feature.

If you choose to stay with CI's sessions, I'd strongly suggest storing sessions in a database and, additionally, encrypting cookies:

$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database']   = TRUE;
$config['sess_table_name']     = 'sessions';

The database structure should be as follows:

CREATE TABLE IF NOT EXISTS  `sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(50) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id)
);
Cinnamon
Sessions in the database are your best bet for optimal security with CodeIgniter.
Tom Schlick
Thank you. Upon more research I found that one should remove the underscore from the session cookie name, as this causes IE to choke.
Mala
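
An added sketch, not part of the thread and not CodeIgniter's own code, contrasting the two storage models discussed above: session data carried in a signed cookie versus a random id that points at server-side data. The key, field names, sample values and the JSON plus HMAC-SHA256 encoding are assumptions chosen for the illustration, and an in-memory array stands in for the `sessions` table.

```php
<?php
// Illustration only: constructed key and data, simplified model of both modes.
const KEY = 'constructed-demo-key-not-for-production';

// Mode 1: cookie-stored session. All data travels to the browser with a MAC.
function cookie_session_encode(array $data): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, KEY);
}

function cookie_session_decode(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) return null;
    [$payload, $mac] = $parts;
    // Constant-time comparison; refuse anything the server did not sign.
    if (!hash_equals(hash_hmac('sha256', $payload, KEY), $mac)) return null;
    return json_decode(base64_decode($payload), true);
}

// Mode 2: server-side session. The cookie holds a random id, data stays in the store.
function server_session_create(array &$store, array $data): string {
    $id = bin2hex(random_bytes(20)); // 40 hex chars, fits session_id varchar(40)
    $store[$id] = ['last_activity' => time(), 'user_data' => $data];
    return $id;
}

function server_session_load(array $store, string $id): ?array {
    return $store[$id]['user_data'] ?? null; // unknown id yields no session
}

$data = ['user_id' => 42, 'role' => 'member', 'email' => 'mala@example.test'];

// The MAC prevents edits, not disclosure: the payload decodes without the key.
$cookie = cookie_session_encode($data);
echo "cookie mode, visible to the client: ", base64_decode(explode('.', $cookie)[0]), "\n";

// Changed role with the old MAC reused; the decoder must refuse it.
$edited = base64_encode(json_encode(['role' => 'admin'] + $data)) . '.' . explode('.', $cookie)[1];
var_dump(cookie_session_decode($edited) === null);

// Server mode: the cookie value says nothing about the user.
$store = []; // stands in for the `sessions` table
$id = server_session_create($store, $data);
echo "server mode, cookie value: $id\n";
var_dump(server_session_load($store, $id) === $data);
var_dump(server_session_load($store, 'unknown-id'));
```

Encrypting the cookie hides the payload from the client, but only the server-side store keeps the data off the wire and lets the server drop a session by deleting its row.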
+1  A: 

Keep PHP session for important information and use CI session for less important info.

Read here why: http://codeigniter.com/forums/viewthread/130577/

shin
