Code Igniter bundles a session class, working with cookies. Unfortunately, this class stores session data directly inside the cookie, thus allowing the client to see and edit those data. Here is a replacement class that stores data in the database.
(note: the original Code Igniter Session class can use a database, but only for validation purposes. The actual data is stored in the cookie itself)
1/ Using the class
This class works with the new CodeIgniter v1.4 ! (and 1.5)
The usage is the same as the bundled Code Igniter session class. So you use it like :
$this->db_session->set_userdata('info', 'some thing interesting');
and get back data like :
$foo = $this->db_session->userdata('info');
This class supports so called “flashdata” variables, which are variables that persist only for the next request. More information at Native session.
2/ Configuration
This class uses the same configuration directives than the original session class. So don’t forget to set inside your ‘config.php’ :
$config['sess_cookie_name'] = 'mysite';
$config['sess_expiration'] = 7200;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_match_useragent'] = FALSE;
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
3/ Database
Here is the table schema needed by the new session class :
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
session_data text default '' not null,
PRIMARY KEY (session_id)
);
4/ Installing the package
Just get the zip File:db sessions.zip .
Move the file DB_Session.php in your application/libraries directory, and (for CI < 1.5) the file init_db_session.php inside your application/init directory. Then use the autoload feature of Code Igniter : open your “autoload.php” configuration file and add “db_session” in the core autoload array :
For ci < 1.5:
$autoload['core'] = array('database','db_session');
For ci > 1.5
$autoload['libraries'] = array('database', 'db_session');
For CI 1.5 the init_db_session.php files is not needed. Simply rename the DB_Session.php file to Session.php and change the class name constructor function to Session. Then of course autoload or load session.
5/ Inside working
Using this class, the cookie only stores a unique session identifier. Everything else is matched from the database.
Category:SessionCategory:Libraries -> Session
Category:Contributions -> Libraries -> PHP
6/ Issues
Some people report an issue where error messages are shown when this library is being used the first time. The error messages refer to the Filename: libraries/DB_session.php and include
- Message: Undefined index: user_agent
- Message: Undefined index: ip_address
- Message: Undefined index: session_id
The fix requires changing FALSE to TRUE in the line $config[‘sess_use_database’] = TRUE; in config.php
More information in this forum thread.