From b0dd10f8171945e0c1f3527dd1e9d18b043e01a7 Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 25 Aug 2006 17:25:49 +0000 Subject: Initial Import --- user_guide/libraries/sessions.html | 283 +++++++++++++++++++++++++++++++++++++ 1 file changed, 283 insertions(+) create mode 100644 user_guide/libraries/sessions.html (limited to 'user_guide/libraries/sessions.html') diff --git a/user_guide/libraries/sessions.html b/user_guide/libraries/sessions.html new file mode 100644 index 000000000..1050e1102 --- /dev/null +++ b/user_guide/libraries/sessions.html @@ -0,0 +1,283 @@ + + + + +Code Igniter User Guide + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +

Code Igniter User Guide Version 1.4.0

+
+ + + + + + + + + +
+ + +
+ + + +
+ + +

Session Class

+ +

The Session class permits you maintain a user's "state" and track their activity while they browse your site. +The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie. +It can also store the session data in a database table for added security, as this permits the session ID in the +user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to +use the database option you'll need to create the session table as indicated below. +

+ +

Note: The Session class does not utilize native PHP sessions. It +generates its own session data, offering more flexibility for developers.

+ +

Initializing a Session

+ +

Sessions will typically run globally with each page load, so the session class must either be +initialized in your +controller constructors, or it can be +auto-loaded by the system. +For the most part the session class will run unattended in the background, so simply initializing the class +will cause it to read, create, and update sessions.

+ + +

To initialize the Session class manually in your controller constructor, use the $this->load->library function:

+ +$this->load->library('session'); +

Once loaded, the Sessions library object will be available using: $this->session

+ + +

How do Sessions work?

+ +

When a page is loaded, the session class will check to see if valid session data exists in the user's session cookie. +If sessions data does not exist (or if it has expired) a new session will be created and saved in the cookie. +If a session does exist, its information will be updated and the cookie will be updated.

+ +

It's important for you to understand that once initialized, the Session class runs automatically. There is nothing +you need to do to cause the above behavior to happen. You can, as you'll see below, work with session data or +even add your own data to a user's session, but the process of reading, writing, and updating a session is automatic.

+ + +

What is Session Data?

+ +

A session, as far as Code Igniter is concerned, is simply an array containing the following information:

+ + + +

The above data is stored in a cookie as a serialized array with this prototype:

+ +[array]
+(
+     'session_id'    => random hash,
+     'ip_address'    => 'string - user IP address',
+     'user_agent'    => 'string - user agent data',
+     'last_activity' => timestamp,
+     'last_visit'    => timestamp
+)
+ +

If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie, +making the data highly secure and impervious to being read or altered by someone. More info regarding encryption +can be found here, although the Session class will take care of initializing +and encrypting the data automatically.

+ +

Note: Session cookies are only updated every five minutes to reduce processor load. If you repeatedly reload a page +you'll notice that the "last activity" time only updates if five minutes or more has passed since the last time +the cookie was written.

+ +

Retrieving Session Data

+ +

Any piece of information from the session array is available using the following function:

+ +$this->session->userdata('item'); + +

Where item is the array index corresponding to the item you wish to fetch. For example, to fetch the session ID you +will do this:

+ +$session_id = $this->session->userdata('session_id'); + +

Note: The function returns FALSE (boolean) if the item you are trying to access does not exist.

+ + +

Adding Custom Session Data

+ +

A useful aspect of the session array is that you can add your own data to it and it will be stored in the user's cookie. +Why would you want to do this? Here's one example:

+ +

Let's say a particular user logs into your site. Once authenticated, +you could add their username and email address to the session cookie, making that data globally available to you without +having to run a database query when you need it.

+ +

To add your data to the session array involves passing an array containing your new data to this function:

+ +$this->session->set_userdata($array); + +

Where $array is an associative array containing your new data. Here's an example:

+ + +$newdata = array(
+                   'username'  => 'johndoe',
+                   'email'     => 'johndoe@some-site.com',
+                   'logged_in' => TRUE
+               );
+
+$this->session->set_userdata($newdata);
+ +

Note: Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The +encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.

+ +

Saving Session Data to a Database

+ +

While the session data array stored in the user's cookie contains a Session ID, +unless you store session data in a database there is no way to validate it. For some applications that require little or no +security, session ID validation may not be needed, but if your application requires security, validation is mandatory.

+ +

When session data is available in a database, every time a valid session is found in the user's cookie, a database +query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never +be updated, they can only be generated when a new session is created.

+ +

In order to store sessions, you must first create a database table for this purpose. Here is the basic +prototype required by the session class:

+ + + +

Note: By default the table is called ci_sessions, but you can name it anything you want +as long as you update the application/config/config.php file so that it contains the name you have chosen. +Once you have created your database table you can enable the database option in your config.php file as follows:

+ +$config['sess_use_database'] = TRUE; + +

Once enabled, the Session class will store session data in the DB.

+ +

Session Preferences

+ +

You'll find the following Session related preferences in your application/config/config.php file:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PreferenceDefaultOptionsDescription
sess_cookie_nameci_sessionNoneThe name you world the session cookie saved as.
sess_expiration7200NoneThe number of seconds you would like the session to last. The default value is 2 hours (7200 seconds). +If you would like a non-expiring session set the value to zero: 0
sess_encrypt_cookieTRUETRUE/FALSE (boolean)Whether to encrypt the session data.
sess_use_databaseFALSETRUE/FALSE (boolean)Whether to save the session data to a database. You must create the table before enabling this option.
sess_table_nameci_sessionsAny valid SQL table nameThe name of the session database table.
sess_match_ipFALSETRUE/FALSE (boolean)Whether to match the user's IP address when reading the session data. Note that some ISPs dynamically +changes the IP, so if you want a non-expiring session you will likely set this to FALSE.
sess_match_useragentTRUETRUE/FALSE (boolean)Whether to match the User Agent when reading the session data.
+ + +
+ + + + + + + \ No newline at end of file -- cgit v1.2.3-24-g4f1b
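Review bot: The "Adding Custom Session Data" example writes 'logged_in' => TRUE into the session array, which this page says is stored in the user's cookie, yet nothing next to the example ties it to the two settings the page itself describes as protecting that data. The page calls encryption optional ("optionally encrypted"), says that "unless you store session data in a database there is no way to validate it", and lists sess_use_database with a default of FALSE. I would add a sentence beside the example stating that authentication state belongs in the session only when sess_encrypt_cookie is TRUE and sess_use_database is enabled. I would also soften "highly secure and impervious to being read or altered by someone" in the encryption paragraph, since the page gives no basis for an absolute guarantee. The "Session Data" and database table sections would benefit from a note on what sess_match_ip and sess_match_useragent check against, because the preferences table mentions matching without saying which stored value is compared. Wording fixes while here: "permits you maintain" should read "permits you to maintain", "The name you world the session cookie saved as" should read "The name you would like the session cookie saved as", and "some ISPs dynamically changes" should read "some ISPs dynamically change". The file also ends without a trailing newline.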