Sessions, Cookies & Codeigniter?

The native CodeIgniter installation overrides the regular PHP session handling and uses its own system of handling the data, which is the reason why you are unable to find it in the normal places. (Also, I would mention that I personally find the way it is implemented a little insecure, since ALL of your session data is stored directly in the user's browser session cookie.) You can do as Residuum has suggested and backtrack through the CodeIgniter session library and find where it is being stored, or you can override the session handling with something like OB_Session (bleakview.orgfree.com/obsession/). I would highly suggest that you install either OB_Session or something like it, since it will then use the native PHP session handling and it will keep your cookies from either A) getting too large and crashing against the browser byte limit, or B) allowing sensitive user data to be stored client-side.

Finally, depending on what you are trying to do, I would follow the CI user guide instructions and store the session data in the database (codeigniter.com/user_guide/libraries/ses...). This would make it MUCH easier for you to work with the data and even update and extend what is stored by CodeIgniter. Please keep in mind, though, that even if you store it in the database you STILL have to change to something like OB_Session, since your cookie still holds all data even when changed to database.

"Please keep in mind though that even if you store it in the database you STILL have to change to something like OB_Session since your cookie still holds all data even when changed to database." - I am reasonably sure that this is not true. CI will put session data other than the session id in the database when enabled, not in the cookie. Well, at least in 1.7.2. – Ferdy Feb 11 '10 at 14:24

Can anyone validate Ferdy's above comment? – Ash Jan 21 at 15:55

In Firefox, install the 'Web Developer Toolkit' plugin and you will be able to directly view the cookies created (use the cookies dropdown). You can then check it out for yourself. I know for a fact that this was happening in 1.7.1 when I moved to OB_Session, and I doubt they re-wrote the entire workings of their session class for 1.7.2. Ashley, I would suggest you check for yourself just in case either of us is wrong, but I know it caused me enough concern a year or so ago to completely dump the native CI solution. Good luck! – shanee Jan 25 at 16:25

The cookie contains an md5 hash of the session data and the encryption key of the cookie, which is verified when loading the data; see system/libraries/Session.php, function sess_read(), lines 140ff:

    // Decrypt the cookie data
    if ($this->sess_encrypt_cookie == TRUE)
    {
        $session = $this->CI->encrypt->decode($session);
    }
    else
    {
        // encryption was not used, so we need to check the md5 hash
        $hash    = substr($session, strlen($session)-32); // get last 32 chars
        $session = substr($session, 0, strlen($session)-32);

        // Does the md5 hash match? This is to prevent manipulation of session data in userspace
        if ($hash !== md5($session.$this->encryption_key))
        {
            log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
            $this->sess_destroy();
            return FALSE;
        }
    }
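As an added example (not code from the answer above or from CodeIgniter): the cookie layout that excerpt checks, showing that the trailing hash detects edits without hiding the payload, next to the same layout using HMAC-SHA256 and `hash_equals()`. The function names, key and session values are constructed for illustration, and `serialize()` as the payload encoding is an assumption.

```php
<?php
// Added example, not CodeIgniter code; names, key and values are constructed.

// Layout from the excerpt above: payload followed by md5(payload . key).
function legacy_seal(string $payload, string $key): string
{
    return $payload . md5($payload . $key);
}

function legacy_open(string $cookie, string $key)
{
    if (strlen($cookie) <= 32) {
        return false;
    }
    $hash    = substr($cookie, -32);
    $payload = substr($cookie, 0, -32);
    return ($hash === md5($payload . $key)) ? $payload : false;
}

// Same layout with an HMAC-SHA256 tag (64 hex chars) and hash_equals(),
// which compares the two tags in constant time.
function hmac_seal(string $payload, string $key): string
{
    return $payload . hash_hmac('sha256', $payload, $key);
}

function hmac_open(string $cookie, string $key)
{
    if (strlen($cookie) <= 64) {
        return false;
    }
    $tag     = substr($cookie, -64);
    $payload = substr($cookie, 0, -64);
    return hash_equals(hash_hmac('sha256', $payload, $key), $tag) ? $payload : false;
}

$key  = 'constructed-demo-key';
$data = serialize(['session_id' => 'constructed-id', 'user_id' => 42, 'is_admin' => false]);

// 1. The payload is readable by whoever holds the cookie; no key is involved.
$cookie = legacy_seal($data, $key);
var_dump(unserialize(substr($cookie, 0, -32), ['allowed_classes' => false]));

// 2. An edited payload no longer matches its tag, so both readers reject it.
$edited = str_replace('b:0;', 'b:1;', $data);
var_dump(legacy_open($edited . substr($cookie, -32), $key));
var_dump(hmac_open($edited . substr(hmac_seal($data, $key), -64), $key));

// 3. An untouched cookie round-trips.
var_dump(hmac_open(hmac_seal($data, $key), $key) === $data);
```

Either tag gives integrity only: anything that must stay hidden from the user has to be encrypted or kept server-side, with the cookie carrying just the session id.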

This is not directly answering your question, but I thought it might be useful to know. Use the following to see the PHP session:

    print_r($_SESSION);

Use the following to see the CI session:

    print_r($this->session->userdata);

I know that CodeIgniter stores its sessions as a cookie, which, from reading around, I understand to be somewhat insecure. A) Is safer? B) Allows you to store more data than the 4kb limit offered by cookies?

However, on the flipside, I guess this will be slower for the system to retrieve; for example, in my application I regularly want to query the session data to determine if a user is logged in. Is it a good idea to store sessions in the database, or will this slow down my app considerably? Any other ideas or suggestions regarding sessions and cookies would be most appreciated.
