From 1f622294b92c095fd91e8ca44912d405c1605ded Mon Sep 17 00:00:00 2001 From: Pascal Kriete Date: Thu, 7 Apr 2011 12:06:51 -0400 Subject: Wow, I screwed that up, Reactor is going to 2.0.2 not 2.0.1 --- user_guide/libraries/sessions.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'user_guide/libraries/sessions.html') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 5243a83d6..600d301c9 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -28,7 +28,7 @@
- +

CodeIgniter User Guide Version 2.0.1

CodeIgniter User Guide Version 2.0.2
-- cgit v1.2.3-24-g4f1b From 3403366d0f457c1dd449076b4177d1aff5cb176c Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Mon, 18 Apr 2011 11:18:09 -0500 Subject: changeset: 2202:06a75a1bd622 tag: tip user: Greg Aker date: Mon Apr 18 11:10:37 2011 -0500 summary: Tweak to session class all_userdata() to just return the userdata array. Also documented previously undocumented all_userdata() method. --- user_guide/libraries/sessions.html | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'user_guide/libraries/sessions.html') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 600d301c9..8d9c14eb6 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -170,6 +170,23 @@ having to run a database query when you need it.

Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.

+

Retrieving All Session Data

+

An array of all userdata can be retrieved as follows:

+$this->session->all_userdata() + +

And returns an associative array like the following:

+ +
+Array
+(
+    [session_id] => 4a5a5dca22728fb0a84364eeb405b601
+    [ip_address] => 127.0.0.1
+    [user_agent] => Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7;
+    [last_activity] => 1303142623
+)
+
+ +

Removing Session Data

Just as set_userdata() can be used to add information into a session, unset_userdata() can be used to remove it, by passing the session key. For example, if you wanted to remove 'some_name' from your session information:

$this->session->unset_userdata('some_name');

-- cgit v1.2.3-24-g4f1b From 882b76bda8b701a8718960b8d639f060ae79e998 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Wed, 20 Apr 2011 11:22:09 -0500 Subject: Fixed a bug (Reactor #231) where Sessions Library database table example SQL did not contain an index on last_activity. See Upgrade Notes Fixed a bug (Reactor #229) where the Sessions Library example SQL in the documentation contained incorrect SQL. --- user_guide/libraries/sessions.html | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'user_guide/libraries/sessions.html') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index 8d9c14eb6..6048f4809 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -218,15 +218,17 @@ be updated, they can only be generated when a new session is created.

In order to store sessions, you must first create a database table for this purpose. Here is the basic prototype (for MySQL) required by the session class:

- + session_id varchar(40) DEFAULT '0' NOT NULL, + ip_address varchar(16) DEFAULT '0' NOT NULL, + user_agent varchar(50) NOT NULL, + last_activity int(10) unsigned DEFAULT 0 NOT NULL, + user_data text NOT NULL, + PRIMARY KEY (session_id), + KEY `last_activity_idx` (`last_activity`) +); +

Note: By default the table is called ci_sessions, but you can name it anything you want as long as you update the application/config/config.php file so that it contains the name you have chosen. -- cgit v1.2.3-24-g4f1b From 50671cf8d67c805692fec49eda33d21227a21ec2 Mon Sep 17 00:00:00 2001 From: Greg Aker Date: Wed, 20 Apr 2011 11:36:45 -0500 Subject: Altered Session to use a longer match against the user_agent string. See upgrade notes if using database sessions. CREATE TABLE IF NOT EXISTS `ci_sessions` ( session_id varchar(40) DEFAULT '0' NOT NULL, ip_address varchar(16) DEFAULT '0' NOT NULL, - user_agent varchar(50) NOT NULL, + user_agent varchar(120) NOT NULL, last_activity int(10) unsigned DEFAULT 0 NOT NULL, user_data text NOT NULL, PRIMARY KEY (session_id), -- cgit v1.2.3-24-g4f1b From 114ab0988e20ac6be39ad363ff897a1a3b85e565 Mon Sep 17 00:00:00 2001 From: Razican Date: Mon, 25 Apr 2011 17:26:45 +0200 Subject: Fixed double-space typo. --- user_guide/libraries/sessions.html | 42 +++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'user_guide/libraries/sessions.html') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html index a6f3c601c..bb8f1fc9b 100644 --- a/user_guide/libraries/sessions.html +++ b/user_guide/libraries/sessions.html @@ -61,7 +61,7 @@ Session Class

The Session class permits you maintain a user's "state" and track their activity while they browse your site. The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie. It can also store the session data in a database table for added security, as this permits the session ID in the -user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to +user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to use the database option you'll need to create the session table as indicated below.

@@ -93,8 +93,8 @@ will cause it to read, create, and update sessions.

If sessions data does not exist (or if it has expired) a new session will be created and saved in the cookie. If a session does exist, its information will be updated and the cookie will be updated. With each update, the session_id will be regenerated.

-

It's important for you to understand that once initialized, the Session class runs automatically. There is nothing -you need to do to cause the above behavior to happen. You can, as you'll see below, work with session data or +

It's important for you to understand that once initialized, the Session class runs automatically. There is nothing +you need to do to cause the above behavior to happen. You can, as you'll see below, work with session data or even add your own data to a user's session, but the process of reading, writing, and updating a session is automatic.

@@ -106,7 +106,7 @@ even add your own data to a user's session, but the process of reading, writing,
  • The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)
  • The user's IP Address
  • The user's User Agent data (the first 50 characters of the browser data string)
    • -
  • The "last activity" time stamp.
    • +
  • The "last activity" time stamp.

    • The above data is stored in a cookie as a serialized array with this prototype:

    @@ -124,7 +124,7 @@ making the data highly secure and impervious to being read or altered by someone can be found here, although the Session class will take care of initializing and encrypting the data automatically.

    -

    Note: Session cookies are only updated every five minutes by default to reduce processor load. If you repeatedly reload a page +

    Note: Session cookies are only updated every five minutes by default to reduce processor load. If you repeatedly reload a page you'll notice that the "last activity" time only updates if five minutes or more has passed since the last time the cookie was written. This time is configurable by changing the $config['sess_time_to_update'] line in your system/config/config.php file.

    @@ -134,7 +134,7 @@ the cookie was written. This time is configurable by changing the $config['sess_ $this->session->userdata('item'); -

    Where item is the array index corresponding to the item you wish to fetch. For example, to fetch the session ID you +

    Where item is the array index corresponding to the item you wish to fetch. For example, to fetch the session ID you will do this:

    $session_id = $this->session->userdata('session_id'); @@ -145,7 +145,7 @@ will do this:

    Adding Custom Session Data

    A useful aspect of the session array is that you can add your own data to it and it will be stored in the user's cookie. -Why would you want to do this? Here's one example:

    +Why would you want to do this? Here's one example:

    Let's say a particular user logs into your site. Once authenticated, you could add their username and email address to the session cookie, making that data globally available to you without @@ -155,7 +155,7 @@ having to run a database query when you need it.

    $this->session->set_userdata($array); -

    Where $array is an associative array containing your new data. Here's an example:

    +

    Where $array is an associative array containing your new data. Here's an example:

    $newdata = array(
    @@ -167,7 +167,7 @@ having to run a database query when you need it.

    $this->session->set_userdata($newdata);

    If you want to add userdata one value at a time, set_userdata() also supports this syntax.

    $this->session->set_userdata('some_name', 'some_value');

    -

    Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The +

    Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.

    Retrieving All Session Data

    @@ -179,10 +179,10 @@ encryption process in particular produces a longer data string than the original 
     Array
 (
-    [session_id] => 4a5a5dca22728fb0a84364eeb405b601
-    [ip_address] => 127.0.0.1
-    [user_agent] => Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7;
-    [last_activity] => 1303142623
+  [session_id] => 4a5a5dca22728fb0a84364eeb405b601
+  [ip_address] => 127.0.0.1
+  [user_agent] => Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7;
+  [last_activity] => 1303142623
 )
    @@ -206,20 +206,20 @@ $this->session->unset_userdata($array_items);

    $this->session->keep_flashdata('item');

    Saving Session Data to a Database

    While the session data array stored in the user's cookie contains a Session ID, -unless you store session data in a database there is no way to validate it. For some applications that require little or no -security, session ID validation may not be needed, but if your application requires security, validation is mandatory. Otherwise, an old session +unless you store session data in a database there is no way to validate it. For some applications that require little or no +security, session ID validation may not be needed, but if your application requires security, validation is mandatory. Otherwise, an old session could be restored by a user modifying their cookies.

    When session data is available in a database, every time a valid session is found in the user's cookie, a database -query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never +query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

    -

    In order to store sessions, you must first create a database table for this purpose. Here is the basic +

    In order to store sessions, you must first create a database table for this purpose. Here is the basic prototype (for MySQL) required by the session class: