Which session library should I use with CodeIgniter?

CI sessions offer some extra functionality, such as auto-regenerating the session ID every given amount of time (for security), IP address tracking, and flashdata (session data that's cleared after it's read once). CI's session mechanism stores all the data in a cookie. PHP's native session mechanism is stored server side.

Each has its advantages/disadvantages. Cookies can only hold 4KB of data, so if you're storing large amounts of data in session, PHP native sessions might be better. If you decide you want to use native PHP sessions, use:

* Session Hybrid (CI 1.7.2): Session Hybrid uses native PHP sessions, can store session data in the default CI db, is a drop-in replacement for CI's session class, and only requires one file to be rewritten.
* If using a CI version before 1.7.0, try PHPSession and Native Session.

Side note: If you choose to stay with CI's sessions, for additional security you can store sessions in a database and encrypt the cookies (see Session Preferences).

Thanks for the info. I have decided to migrate back to PHP sessions, because they are easier to use (and allow manual session_regeneration). – lemiant Sep 8 '10 at 22:10
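For readers who move to native PHP sessions as discussed above, this added example (not code from the answers or from CodeIgniter) shows one way to keep two of the CI features the first answer lists: timed session ID regeneration and flashdata. The helper names, the `_last_regen` and `_flash` keys and the 300-second interval are assumptions, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later.

```php
<?php
// Added example. Helper names, session keys and the interval are assumptions.
const REGEN_INTERVAL = 300; // seconds between session ID rotations (assumed value)

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // keep the ID away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();

    $now = time();
    if (!isset($_SESSION['_last_regen'])) {
        $_SESSION['_last_regen'] = $now;
    } elseif ($now - $_SESSION['_last_regen'] >= REGEN_INTERVAL) {
        session_regenerate_id(true); // new ID, old session data deleted
        $_SESSION['_last_regen'] = $now;
    }
}

// Call right after a successful login so a pre-login ID cannot be reused.
function rotate_on_privilege_change(): void
{
    session_regenerate_id(true);
    $_SESSION['_last_regen'] = time();
}

function set_flash(string $key, $value): void
{
    $_SESSION['_flash'][$key] = $value;
}

// Returns the stored value once, then removes it, like CI flashdata.
function get_flash(string $key, $default = null)
{
    $flash = $_SESSION['_flash'] ?? [];
    if (!array_key_exists($key, $flash)) {
        return $default;
    }
    unset($_SESSION['_flash'][$key]);
    return $flash[$key];
}
```

Only the session ID travels in the cookie here; the data itself stays server side, so the 4KB cookie limit mentioned above does not apply.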

It sounds like you are using a breadcrumb method. This may help: codeigniter.com/forums/viewthread/137949/ And to answer your other question, yes, there is a very good reason to use the CodeIgniter session library. I use it because I need to store user session data in my database (safer), and the library comes with the ability to encrypt the cookies, and if global XSS filtering is on, then the data will also be scrubbed too.

1. Why is a database more secure? 2. Could I just unload a variable from the CI session into $_SESSION at the start of the page and upload that variable at the end? – lemiant Sep 8 '10 at 1:34

1. Because by default CI stores session variables unencrypted in the cookie, i.e. they are in plaintext on the user's computer. If the session variables are stored in the database then they don't get stored in the cookie. – Mike Sep 8 '10 at 4:49

@lemiant what happens is that the only thing stored on the user's local machine is an encrypted ID that only your site can use. This hampers most attempts to session hijack. – WarmWaffles Sep 9 '10 at 2:42
