World Wide Web Server edited this page Jul 4, 2012 · 13 revisions

Category:Libraries::Session Category:Session

An attempt to provide the best of all possible session worlds. By Oscar Bajner.

This replacement class for the Code Igniter session library borrows from ideas presented in Native_session and DB_session.

It attempts to retain all the benefits of the original CI implementation while adding the best features from other libraries and several enhancements. Currently only for CI version 1.5.x or better.

[h3]Updates[/h3]

The session class has been updated: 15 April 2007. Please download the latest version and update your config file sess_ entries. Changes:

  1. Added ability to send a server header before cookie is sent
  2. Added ability to set an HttpOnly cookie, for PHP version 5.2.x only!
  3. Added ability to pass string or array data to set_flashdata()
  4. Added ability to configure garbage collect probability.

[h3] Benefits over CI_Session and DB_Session[/h3]

  • Session User Data can be stored either client-side in the cookie OR server-side in a database table.
  • Highly configurable:
  • Easily configure non-persistent sessions, session timeouts and session auto regeneration. (A non-persistent session ends on browser exit.)
  • Incorporates "Flash data" as implemented in Native_Session and DB_Session.
  • Provides function for manual session id regeneration.

[h3] Usage [/h3]

  • Usage is the same as the original CI session library: load the library from your /application/libraries directory with $this->load->library('session');
  • Access the session data via the $this->session->userdata() and $this->session->set_userdata() methods.
  • Regenerate the session id manually by calling $this->session->regenerate_id()

[h3] Configuration [/h3]

The original config entry for CI session is amended as follows:

[code]
/*
| Session Variables
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
| 'session_expiration' = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).
|  Set to zero (0) for a session which expires on browser exit.
| Additional config items:
| 'sess_storage' = Store USER DATA in 'cookie' or 'database'
|  Some session data is always stored in the cookie, prefixed with "session_"
|  Viz: "session_id", "session_start", "session_last_activity", "session_ip_address", "session_user_agent".
| 'sess_timeout' = session time-to-live, in seconds, set to zero for no timeout.
| 'sess_destroy_on_timeout' = TRUE/FALSE (boolean)
|  The default is FALSE, the session_id is regenerated and existing session data is saved.
| 'sess_update_interval' = Period in SECONDS between session updates.
| 'sess_gc_probability' = Percentage probability of garbage collection, default = 10, 100 = always, 0 = never.
| 'sess_send_hdr' = Full server header to send, default = '', no header is sent. (only one header allowed)
|  A typical usage would be to send a P3P compact policy as a header for MSIE 6/7.
|  P3P example1 : 'sess_send_hdr' = 'P3P: CP="CAO PSA OUR"';
|  P3P example2 : 'sess_send_hdr' = 'P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"';
|  Other example1 : 'sess_send_hdr' = 'Cache-Control: private';
| 'sess_http_only' = FALSE; // NB!! Only set this to TRUE if your server runs PHP 5.2 or higher!
|  An HttpOnly cookie protects against XSS, the cookie cannot be accessed via javascript, supported by IE6_SP1, IE7.
|  Setting TRUE on PHP < 5.2 will make your cookies crumble!
|
*/
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
// [OB] additional config items:
$config['sess_storage'] = 'cookie';
$config['sess_timeout'] = 0;
$config['sess_destroy_on_timeout'] = FALSE;
$config['sess_update_interval'] = 300;
$config['sess_gc_probability'] = 10;
$config['sess_http_only'] = FALSE;
$config['sess_send_hdr'] = '';
[/code]

[h3]Modifications of original CI implementation [/h3]

The session variable "last_visit" is removed and replaced with "session_start".

Be aware that some session data is always present in the session cookie.

  • session_id
  • session_start
  • session_last_activity
  • session_ip
  • session_user_agent

Please enable cookie encryption if you do not want this info to be visible.
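
A stricter set of sess_ entries than the defaults listed under Configuration, as an added example that is not part of the OB Session package. It uses only the config keys documented on this page; the chosen values (for example the 1800-second time-to-live) are assumptions to adjust per application.

```php
<?php
// Added example for application/config/config.php (not the library author's file).
// Keys are the ones documented on this page; values are illustrative assumptions.

$config['sess_cookie_name']     = 'ci_session';
$config['sess_table_name']      = 'ci_sessions';

// 0 = non-persistent session: the cookie ends on browser exit.
$config['sess_expiration']      = 0;

// Some fields (session_id, session_start, session_last_activity, IP, user agent)
// are always in the cookie; encryption keeps them from being readable client-side.
// Assumption: as in stock CI, this relies on $config['encryption_key'] being set.
$config['sess_encrypt_cookie']  = TRUE;

$config['sess_match_ip']        = FALSE;
$config['sess_match_useragent'] = TRUE;

// Keep user data server-side; only the session_ fields travel in the cookie.
// The table named in sess_table_name must exist (see the library's documentation).
$config['sess_storage']         = 'database';

// Time-to-live in seconds (0 would mean no timeout).
$config['sess_timeout']         = 1800;

// TRUE = end the session on timeout. The default (FALSE) regenerates the id
// and keeps the existing session data.
$config['sess_destroy_on_timeout'] = TRUE;

$config['sess_update_interval'] = 300;
$config['sess_gc_probability']  = 10;

// HttpOnly keeps the cookie out of reach of JavaScript, but the page warns that
// TRUE breaks cookies on PHP < 5.2, so derive the value from the running version.
$config['sess_http_only']       = version_compare(PHP_VERSION, '5.2.0', '>=');

// Only one header is allowed; this is the page's own "Other example1".
$config['sess_send_hdr']        = 'Cache-Control: private';
```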

[h3]Discussion, Documentation and download[/h3]

  • For general usage, please see the CI session documentation [url=http://www.codeigniter.com/user_guide/libraries/sessions.html]user_guide[/url]
  • For specific usages, please see the OB Session documentation online [url=http://bleakview.orgfree.com/obsession/]OB Session[/url]
  • To discuss, post questions or bug reports please see thread [url=http://codeigniter.com/forums/viewthread/49253/]Discussion thread[/url]
  • You can download the library, documentation and demo / test code here [url=http://bleakview.orgfree.com/dl/obsession.zip]obsession.zip[/url]