-
Notifications
You must be signed in to change notification settings - Fork 7.6k
DB Session
Code Igniter bundles a session class, working with cookies. Unfortunately, this class stores session data directly inside the cookie, thus allowing the client to see and edit those data. Here is a replacement class that stores data in the database.
[h3]1/ Using the class[/h3]
This class works with the new and not official CodeIgniter 1.4 !
The usage is the same as the bundled Code Igniter session class. So you use it like :
[code]$this->session->set_userdata('info' => 'some thing interresting');[/code]
and get back data like :
[code]$foo = $this->session->userdata('info');[/code]
This class supports so called "flashdata" variables, which are variables that persist only for the next request. More information here.
[h3]2/ Configuration[/h3]
This class uses the same configuration directives than the original session class. So don't forget to set inside your 'config.php' :
[code]$config['sess_cookie_name'] = 'mysite'; $config['sess_expiration'] = 7200; $config['sess_use_database'] = TRUE; $config['sess_table_name'] = 'ci_sessions'; $config['sess_match_ip'] = TRUE; $config['sess_match_useragent'] = FALSE; $config['cookie_prefix'] = ""; $config['cookie_domain'] = ""; $config['cookie_path'] = "/";[/code]
[h3]3/ Database[/h3]
Here is the table schema needed by the new session class :
[code]CREATE TABLE IF NOT EXISTS ci_sessions (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
session_data text default '' not null,
PRIMARY KEY (session_id)
);[/code]
[h3]4/ Installing the package[/h3]
Just get the zip at http://dready.jexiste.fr/codeigniter/sessions/db_sessions.zip .
Move the file DB_Session.php in your "application/libraries" directory, and the file init_db_session.php inside you "application/init" directory. Then use the autoload feature of Code Igniter : open your "autoload.php" configuration file and add "db_session" in the core autoload array :
[code]$autoload['core'] = array('database','db_session');[/code]
[h3]5/ Inside working[/h3]
Using this class, the cookie only stores a unique session identifier. Everything else is matched from the database.