-
Notifications
You must be signed in to change notification settings - Fork 0
NDB Session Class
Category:Session Category:Libraries::Session Category:Contributions::Libraries::PHP
[h2] NDB Session Class for CodeIgniter - Version 1.4[/h2] [h2](Last update 03.09.2011)[/h2]
Native Session makes good use of PHP’s native session handling abilities, but it does not allow the use of a database for session storage. Saving user session data into database is more secure on any type of hosting (Shared ... ). This library overwrites normal native sassion functions too save user data directly into database and gives us some extra functions over CI Session.
[b]Follow on BitBucket: [/b] LINK.
[b]Follow on CodeIgniter Forum:[/b] LINK.
[b]Download on BitBucket: [/b] LINK.
[h2]Overview[/h2]
- Is based on Native Session but has database functionality built in.
- Cmpatible with CodeIgniter 1.7 +.
- Drop-in replacement for CI’s Session library.
- Config options and flash data are supported but not ession encryption.
- When using with a database, only the session_id is stored in a cookie. Any other data is stored in the database (Nativly would be stored to server ).
- Tested IE6, IE7, IE8, IE9, Firefox 4, Chrome
- PHP5+
[h2]Usage[/h2]
[b]Same usage as CI Session + Extras:[/b] LINK.
[b]Extras:[/b]
- Access data from database: [code] $_SESSION['Data]; [/code]
- Write data to database: [code] $_SESSION['Data'] = 'Value'; [/code]
[h2]Install[/h2]
- Download Session Class and copy it to "appliaction/libraries/"
- Insert new database table for Session storage
- Autoload or load CI database Class and Session Class
- Don't forget to setup database configuration
- Have fun
[h2]Differences between NDB Session and Native Session[/h2]
- Session ID only in cookie and no user data
- Saving user data to database and not to server
- Regenerating session id every X min
- Keeping track of session expiration and session time to update
- Checking if session hijected
- OOP Approach
[h2]Differences between NDB Session and CI Session[/h2]
- Using native PHP Session functions ( Smaller lib. same security )
- No encryption of cookie as only Session ID is stored in cookie (Allready hashed)
- Checking valid Session ID differently ( We dont save IP, Useragent, Activity to an cookie)
- Session garbage collector works differently ( Expired data, Useless data)
- After session destroy we create new empty session so u can set new Session data after it
- Some CI Session functions removed as not needet (Functions which PHP does it for us)
- Extras for setting and accessing Session data( $_SESSION['data'] ...)
[h2]Required Database Structure[/h2]
[code]
CREATE TABLE IF NOT EXISTS Sessions
(
session_id
varchar(40) collate utf8_bin NOT NULL default '0',
ip_address
varchar(16) collate utf8_bin NOT NULL default '0',
user_agent
varchar(50) collate utf8_bin NOT NULL,
last_activity
int(10) unsigned NOT NULL default '0',
user_data
text collate utf8_bin NOT NULL,
PRIMARY KEY (session_id
)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
[/code]
[h2]Example Configuration (/system/application/config/config.php)[/h2]
[code] $config['sess_cookie_name'] = 'ci_session'; $config['sess_expiration'] = 3600; // 1 H $config['sess_expire_on_close'] = FALSE; $config['sess_encrypt_cookie'] = FALSE; $config['sess_use_database'] = TRUE; $config['sess_table_name'] = 'Sessions'; $config['sess_match_ip'] = TRUE; $config['sess_match_useragent'] = TRUE; $config['sess_time_to_update'] = 300; // 5 min
$config['cookie_prefix'] = ''; $config['cookie_domain'] = '.URI.com'; $config['cookie_path'] = '/'; [/code]