CodeIgniter sessions vs PHP sessions

Anonymous (unverified), submitted on 2019-12-03 01:12:01

Question:

I'm relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP's $_SESSION variable to this end. However, CI seems to have its own session mechanism, which it claims is "better".

CI's session mechanism seems to store all the data in a cookie? Personally I like the idea of all the data being stored on the server, accessed with a cookie-key like PHP's native session mechanism... Am I being dumb thinking that's better? Should I just accept CI's mechanism? Or should I go ahead and use native PHP sessions?

What do you guys do?

Thanks,
Mala

Answer 1:

In my experience with CI I've encountered some anomalies with its sessions, but for most day-to-day needs the library is good and easy to work with. As it was pointed out, Flashdata is a very nice feature.

If you choose to stay with CI's sessions, I'd strongly suggest storing sessions in a database and, additionally, encrypting cookies:

$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database']   = TRUE;
$config['sess_table_name']     = 'sessions';

The database structure should be as follows:

CREATE TABLE IF NOT EXISTS `sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(50) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id)
);


Answer 2:

The manual says more flexibility rather than better ;-)

I presume the main benefit of CodeIgniter's session class is that it integrates with the framework and it offers some extra functionality, such as IP address tracking and what it calls flashdata (session data that's erased as soon as it's read). If you are using a framework in the first place that means these options may be attractive for you.

Whatever, you can also save session data into a database:

http://codeigniter.com/user_guide/libraries/sessions.html



Answer 3:

Keep PHP session for important information and use CI session for less important info.

Read here why: http://codeigniter.com/forums/viewthread/130577/



Answer 4:

I know this is an older post, but I feel it is worth sharing what I have found.

Since CI uses a cookie based approach (even with database storage) it causes a problem for my particular app which serves data to remote clients requesting data through curl. The bottom line is Cookies and Cross Site Scripting, although manageable, do not play well together.

I chose to try to override the native Session.php class provided by CI with my own MY_Session.php. I was happy to find this wasn't too difficult, but was surprised to find that CI was regenerating session id even though my script explicitly provided them.

According to the CI manual

The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)

Although I can probably find a way to override this, I am wondering if it wouldn't be much easier to revert back to PHP sessions.

Just food for thought if you're going to use CI.



Answer 5:

CI sessions have storage size limitations

As you are aware, CI sessions are basically cookies, whether you encrypt them or not. As far as security is concerned, both have their own pros and cons.

My concern was the size limit of CI sessions. It can hold only 4 kb data as it's basically a cookie, while a native PHP session only stores a reference id in the cookie and all the session data is stored in server memory. This comes in handy when you have a larger number of items that need to be stored in a session.

Say a shopping cart with more items, or a user music playlist with more than 50 tracks... etc.

I hope this information helps someone some day.

Cheers..!!
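
Added example (not part of any answer above and not CodeIgniter's own code): a PHP illustration of the two constraints the answers raise for cookie-stored session data, namely that the server has to detect client-side edits and that the data has to fit the 4 kb cookie limit from answer 5. The function names, key and sample data are constructed for illustration, and the HMAC integrity check used here is an assumption of this example, not the `sess_encrypt_cookie` mechanism.

```php
<?php
const COOKIE_LIMIT = 4096; // per-cookie size limit assumed from answer 5 (4 kb)

// Serialize session data and append an HMAC so the server can detect edits.
function pack_session(array $data, string $key): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the session array, or null if the cookie is malformed or was modified.
function unpack_session(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // hash_equals compares in constant time, unlike == or ===
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

function fits_in_cookie(string $cookie): bool {
    return strlen($cookie) <= COOKIE_LIMIT;
}

$key = 'constructed-demo-key'; // constructed; a real key is random and kept server-side

// Small session: user id and role only.
$small = pack_session(['user_id' => 42, 'role' => 'member'], $key);
var_dump(fits_in_cookie($small), unpack_session($small, $key));

// Payload changed on the client while the old MAC is kept: verification fails.
$edited = base64_encode(json_encode(['user_id' => 42, 'role' => 'admin']))
        . '.' . explode('.', $small, 2)[1];
var_dump(unpack_session($edited, $key));

// Constructed 60-track playlist, the kind of data answer 5 describes.
$tracks = [];
for ($i = 1; $i <= 60; $i++) {
    $tracks[] = ['id' => $i, 'title' => "Constructed track title number $i",
                 'artist' => "Constructed artist name $i"];
}
$big = pack_session(['user_id' => 42, 'playlist' => $tracks], $key);
var_dump(strlen($big), fits_in_cookie($big));
```

With server-side storage (native PHP sessions, or CI with `sess_use_database`), only the session id travels in the cookie, so neither check on the payload is needed.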


