Hi everyone,

I have recently started using CI and with it CI sessions, but I have noticed that one thing in particular is much more time consuming to do with CI sessions than with the base PHP sessions: Arrays.

I have an array of data that persists regardless of login/logout, called $_SESSION['stats']. I then store data in that array in the form:

$_SESSION['stats']['last_page'] = $_SERVER['REQUEST_URI'];

And when a user logs out, it saves the stats array in a variable, clears the session, and then loads it back into the new session.

The problem is that in order to edit the last_page key, instead of the one line above, I have to use this code:

$stats = $this->CI->session->userdata('stats');
$stats['last_page'] = $_SERVER["REQUEST_URI"];
$this->CI->session->set_userdata('stats', $stats);

This is one of a number of annoyances I find in CI sessions, which cause me to feel dissatisfied with it as my session handler. So my question is: Which session system should I use with CodeIgniter?... is there some reason for using CI sessions? Is there a CI library that you would suggest? Why not just use PHP sessions?

Thanks,

Lemiant

A: 

It sounds like you are using a breadcrumb method.

This may help, http://codeigniter.com/forums/viewthread/137949/

And to answer your other question, yes there is a very good reason to use the CodeIgniter session library. I use it because I need to store user session data in my database (safer) and the library comes with the ability to encrypt the cookies and if global XSS filtering is on, then the data will also be scrubbed too.

WarmWaffles
1. Why is a database more secure? 2. Could I just unload a variable from the CI session into $_SESSION at the start of the page and upload that variable at the end?
lemiant
1. Because by default CI stores session variables unencrypted in the cookie, i.e. they are in plaintext on the user's computer. If the session variables are stored in the database then they don't get stored in the cookie.
Mike
@lemiant what happens is that the only thing stored on the user's local machine is an encrypted ID that only your site can use. This hampers most attempts to session hijack.
WarmWaffles
+3  A: 

CI sessions offer some extra functionality, such as automatically regenerating the session ID every given amount of time (for security), IP address tracking, and flashdata (session data that's cleared after it's read once).

CI's session mechanism stores all the data in a cookie. PHP's native session mechanism is stored server side. Each has its advantages/disadvantages. Cookies can only hold 4KB of data, so if you're storing large amounts of data in the session, PHP native sessions might be better.

If you decide you want to use native PHP sessions, use: Session Hybrid (CI 1.7.2)

Session Hybrid uses native PHP sessions, can store session data in the default CI db, is a drop-in replacement for CI’s session class, and only requires one file to be rewritten.

[* If using a CI version before 1.7.0 try PHPSession and Native Session]

Side note: If you choose to stay with CI's sessions, for additional security you can store sessions in a database and encrypt the cookies (see Session Preferences).

Mitchell McKenna
Thanks for the info. I have decided to migrate back to PHP sessions, because they are easier to use (and allow manual session_regeneration).
lemiant
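
The logout flow described in the question (keep the stats array, drop everything else), written against native PHP sessions with the manual ID regeneration mentioned in the last comment. This is an added example, not code from any poster in the thread; the function names and the user_id key are hypothetical, and it assumes PHP 7.3 or later for the array form of session_set_cookie_params().

```php
<?php
// Added example, not code from the thread; function names and 'user_id' are hypothetical.

/** Start a native session with a hardened cookie (array form needs PHP 7.3+). */
function start_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** The one-line nested write from the question. */
function track_page(): void
{
    // REQUEST_URI is client-controlled: escape it whenever it is echoed back.
    $_SESSION['stats']['last_page'] = $_SERVER['REQUEST_URI'] ?? '';
}

/** Log in: switch to a new ID before storing any authenticated state. */
function log_in(int $userId): void
{
    session_regenerate_id(true); // true = delete the old session's stored data
    $_SESSION['user_id'] = $userId;
}

/** Log out: keep only 'stats', drop everything else, move to a fresh ID. */
function log_out(): void
{
    $stats = $_SESSION['stats'] ?? [];
    $_SESSION = [];              // removes user_id and all other keys
    session_regenerate_id(true);
    $_SESSION['stats'] = $stats;
}

start_session();
track_page();
```

Because only the stats key is copied across, nothing tied to the previous login survives logout, and the old session ID stops being valid at both login and logout.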