http://www.filepanda.com/get/argzdipm/
You also will need to make this code available to the session library. Because of its usefulness, I placed it in a helper:
    /**
     * Creates a very random string which is extremely unique
     *
     * @access public
     * @return string (hexadecimal encoded string)
     */
    function generateRandomString()
    {
        $string = '';
        // keep appending random integers until at least 32 characters are collected
        while (strlen($string) < 32)
        {
            $string .= mt_rand(0, mt_getrandmax());
        }
        // md5() in raw mode returns 16 bytes; bin2hex() turns them into 32 hex characters
        return bin2hex(md5(uniqid($string, TRUE), TRUE));
    }
Here are the highlights of the session library:
1. It requires a database storage mechanism; the database layout is found as comments in the last few lines of the code.
2. It generates a primary key from a random string and stores it as a cookie.
3. It generates a secondary key using a hash of the primary key appended onto browser identifier info (if available) (e.g., ‘HTTP_USER_AGENT’, ‘SERVER_PROTOCOL’, ‘HTTP_ACCEPT_CHARSET’, ‘HTTP_ACCEPT_ENCODING’, ‘HTTP_ACCEPT_LANGUAGE’).
4. In order to find an existing session, it takes the cookie and generates a second key from it. Then it searches the database for the secondary key and any corresponding data in that row.
5. It has a regenerate id method which can and should be used upon logging a user in so as to prevent session fixation attacks.
6. It is coded with performance in mind. In order to save session data to the database, sess_save() must be called. However, I coded this so that it is only called 1 time each run. What you must do then is insert a __destruct() method into the class and in it, call sess_save(). However, to make this work, you will have to modify the codeignitor.php main file and delete the last few lines of it which close the database connection. If you don’t delete those lines, CI will close the DB connection and the session library will be unable to connect to it. Alternately, you can put sess_save() calls within the relevant methods in the session class. The obvious downside to this though is that you’ll incur a database hit for each save; and there could be several per run. So it’s your decision, but just remember that you have to pick one to do because left as is, nothing will be saved because sess_save() is not currently called.
Anyway, check it out, and see what you think. I’ve looked at the existing session solutions and used a combination of them all to create this and I’m somewhat proud of the result. Tell me your thoughts.
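The primary/secondary key scheme from highlights 2 through 5, as an added example that is not the posted library's code: the cookie holds the primary key, the table row is keyed by a hash of that key plus the browser identifier headers, and regenerating after login moves the row to a fresh key. It assumes random_bytes() for the primary key (the post's helper uses mt_rand()) and an in-memory array in place of the database table.

```php
<?php
// Added example (not the posted library) of highlights 2-5; uses random_bytes() where the post's helper uses mt_rand().
const FINGERPRINT_KEYS = ['HTTP_USER_AGENT', 'SERVER_PROTOCOL',
    'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE'];

// Join whichever browser identifier headers are present, in a fixed order.
function browserFingerprint(array $server): string
{
    $parts = array_intersect_key($server, array_flip(FINGERPRINT_KEYS));
    ksort($parts);
    return implode('|', $parts);
}

// Secondary key = hash(primary key . browser info); this is the table's row key.
function secondaryKey(string $primary, array $server): string
{
    return hash('sha256', $primary . browserFingerprint($server));
}

// New session: mint the cookie value and insert a row under its secondary key.
function sessCreate(array &$table, array $server): string
{
    $primary = bin2hex(random_bytes(16));
    $table[secondaryKey($primary, $server)] = ['data' => []];
    return $primary;
}

// Existing session: rebuild the secondary key from the cookie and look it up.
function sessFind(array $table, string $cookie, array $server): ?array
{
    return $table[secondaryKey($cookie, $server)] ?? null;
}

// After login: move the row to a fresh id so a pre-login id stops working.
function sessRegenerate(array &$table, string $oldCookie, array $server): string
{
    $row = sessFind($table, $oldCookie, $server) ?? ['data' => []];
    unset($table[secondaryKey($oldCookie, $server)]);
    $new = sessCreate($table, $server);
    $table[secondaryKey($new, $server)] = $row;
    return $new;
}

// Constructed request data; the "database" is an in-memory array for the demo.
$table  = [];
$server = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (demo)', 'SERVER_PROTOCOL' => 'HTTP/1.1'];
$cookie = sessCreate($table, $server);
var_dump(sessFind($table, $cookie, $server) !== null);                        // same browser info
var_dump(sessFind($table, $cookie, ['HTTP_USER_AGENT' => 'other']) !== null); // same cookie, different User-Agent
$new = sessRegenerate($table, $cookie, $server);
var_dump(sessFind($table, $cookie, $server) === null);                        // old id after regeneration
```

Because the lookup key depends on the request headers, a cookie presented with different browser info maps to no row, which is the property the secondary key is meant to add on top of the cookie alone.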
