Introduction quoted liberally from http://bleakview.orgfree.com/obsession/
CodeIgniter’s standard session library has many critics, enough to produce three or more competitors. Whatever the critics say, most have agreed that the library does provide a neat interface to session handling, is simple and intuitive to use, and is well documented.
Major weaknesses of the library:
Security: The User Data is stored in a cookie, client-side.
Security: The session is vulnerable to session fixation.
Usability: Enabling the session database does not actually store User-Data in the database!
Usability: Things like non-persistent sessions, flash variables and session id regeneration are not enabled.
The original reason Rick wrote the custom library was to avoid unpredictable results with PHP’s configuration and setup variances across hosts. A custom library (should) provide the developer with finer control and dependability.
Current Alternatives
PHPSession
PHPSession utilizes PHP’s native session capabilities. PHPSession is loaded and used as a separate library, rather than replacing CodeIgniter’s Session class. It offers ‘flash’ session variables, and offers its own (very simple) API.
Native Session
Native Session utilizes PHP’s native session capabilities. Unlike PHPSession, Native Session offers the same methods as CodeIgniter’s Session class, and is designed as a drop-in replacement. Native Session also extends the Session API to support ‘flash’ session variables and manually regenerating the session id.
DB Session
DB Session generates its own cookies and stores all session variables in a database, eschewing PHP’s native session facility. DB Session is compatible with CI’s session API, and is designed as a drop-in replacement. DB Session supports ‘flash’ session variables.
OB Session
OB Session stores data either client-side in the cookie or server-side in a database table. It does not use PHP’s native session mechanism. It is designed as a drop-in replacement for CodeIgniter’s session class. Non-persistent sessions, session timeouts and session auto-regeneration are easy to configure. It supports ‘flash’ session variables and manual regeneration of the session id.
NG Session
NG Session is based on a combination of CodeIgniter’s Session.php in version 1.6 and DB Session. NG Session is compatible with CI’s session API (1.54 and 1.6) and DB Session, and is designed as a drop-in replacement. Any config option, such as encryption, and any functionality, such as flash session variables, is fully supported.
When using a database, only the session_id is stored in a cookie. Any other data is stored in the database. Database mode and cookie mode work fully transparently.
KNDB Session
KNDB Session is based on Native Session (with some changes) but allows usage of a database for session storage as well as PHP native storage. KNDB Session is designed as a drop-in replacement for CI’s bundled session library and supports all methods therein. Session configuration options in CI’s config.php are also supported. Only the session_id is stored in a cookie, whether a database is used or not. Session expiration time and session id regeneration time are distinct and are set in the config file. Manual regeneration of the session id is also possible.
EckoSession
* Uses PHP native storage
* Drop-in Replacement for CI Session with most functions
* Works with CI Configuration options
* Uses “fingerprint” instead of Browser, IP etc. for identification
* Includes CI Flash-Function
MY_Sessions
The goal of the MY_Session libraries is to extend the core CI_Session library to improve its features.
PK Session
A method to terminate the session cookie when the browser closes.
