OB Session
Category:Libraries::Session Category:Session
An attempt to provide the best of all possible session worlds. By Oscar Bajner.
This replacement class for the Code Igniter session library borrows from ideas presented in Native_session and DB_session.
It attempts to retain all the benefits of the original CI implementation, adds the best features from other libs, and includes several enhancements. Currently only for CI version 1.5.x.
[h3]Updates[/h3]
The session class has been updated: 15 April 2007. Please download the latest version and update your config file sess_ entries. Changes:
- Added ability to send a server header before cookie is sent
- Added ability to set a HttpOnly cookie, for PHP version 5.2.x Only!
- Added ability to pass string or array data to set_flashdata()
- Added ability to configure garbage collect probability.
[h3] Benefits over CI_Session and DB_Session[/h3]
- Session User Data can be stored either client-side in the cookie OR server-side in a database table.
- Highly configurable:
- Easily configure non-persistent sessions, session timeouts and session auto regeneration. (A non-persistent session ends on browser exit.)
- Incorporates "Flash data" as implemented in Native_Session and DB_Session.
- Provides function for manual session id regeneration.
[h3] Usage [/h3]
- The same as the original CI session library: just load the library from your /application/libraries directory: $this->load->library('session');
- Access the session data via the $this->session->userdata() and $this->session->set_userdata() methods.
- Regenerate the session id manually by calling session->regenerate_id()
[h3] Configuration [/h3]
The original config entry for CI session is amended as follows:
[code]
/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
| 'session_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours).
| Set to zero (0) for a session which expires on browser exit.
|--------------------------------------------------------------------------
| Additional config items:
| 'sess_storage' = Store USER DATA in 'cookie' or 'database'
| Some session data is always stored in the cookie, prefixed with "session_"
| Viz: "session_id", "session_start", "session_last_activity", "session_ip_address", "session_user_agent".
| 'sess_timeout' = session time-to-live, in seconds, set to zero for no timeout.
| 'sess_destroy_on_timeout' = TRUE/FALSE (boolean)
| The default is FALSE, the session_id is regenerated and existing session data is saved.
| 'sess_update_interval' = Period in SECONDS between session updates.
|
| 'sess_gc_probability' = Percentage probability of garbage collection, default = 10, 100 = always, 0 = never.
| 'sess_send_hdr' = Full server header to send, default = '', no header is sent. (only one header allowed)
| A typical usage would be to send a P3P compact policy as a header for MSIE 6/7.
| P3P example1 : 'sess_send_hdr' = 'P3P: CP="CAO PSA OUR"';
| P3P example2 : 'sess_send_hdr' = 'P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"';
| Other example1 : 'sess_send_hdr' = 'Cache-Control: private';
| 'sess_http_only' = FALSE; // NB!! Only set this to TRUE if your server runs PHP 5.2 or higher!
| An HttpOnly cookie protects against XSS, the cookie cannot be accessed via javascript, supported by IE6_SP1, IE7.
| Setting TRUE on PHP < 5.2 will make your cookies crumble!
|
*/
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
// [OB] additional config items:
$config['sess_storage'] = 'cookie';
$config['sess_timeout'] = 0;
$config['sess_destroy_on_timeout'] = FALSE;
$config['sess_update_interval'] = 300;
$config['sess_gc_probability'] = 10;
$config['sess_http_only'] = FALSE;
$config['sess_send_hdr'] = '';
[/code]
[h3]Modifications of original CI implementation [/h3]
The session variable "last_visit" is removed and replaced with "session_start".
Be aware that some session data is always present in the session cookie.
- session_id
- session_start
- session_last_activity
- session_ip
- session_user_agent
Please enable cookie encryption if you do not want this info to be visible.
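A tightened variant of the default sess_ entries, as an added example that is not part of the OB Session distribution. The key names come from the configuration listing on this page; the 900-second timeout is a constructed value, database storage assumes the table named in sess_table_name already exists, and the encryption_key remark assumes OB Session encrypts the cookie the same way stock CodeIgniter does.

```php
<?php
// Added example: hardened values for the sess_ config entries.
// Defaults shown on the page are noted in the comments for comparison.

$config['sess_cookie_name']        = 'ci_session';

// Default 7200. Zero gives a non-persistent session that ends on browser exit.
$config['sess_expiration']         = 0;

// Default FALSE. The cookie always carries session_id, session_start,
// session_last_activity, the client IP and user agent; encrypting it keeps
// those fields from being readable on the client.
// Assumption: as in stock CodeIgniter, $config['encryption_key'] must be set.
$config['sess_encrypt_cookie']     = TRUE;

$config['sess_table_name']         = 'ci_sessions';
$config['sess_match_ip']           = FALSE;
$config['sess_match_useragent']    = TRUE;

// Default 'cookie'. With 'database', user data stays server-side and only
// the session_ fields travel in the cookie.
$config['sess_storage']            = 'database';

// Default 0 (no timeout). 900 is an illustrative value, not a recommendation
// from the library author.
$config['sess_timeout']            = 900;

// Default FALSE (id regenerated, data kept). TRUE discards the session
// when the timeout is reached.
$config['sess_destroy_on_timeout'] = TRUE;

$config['sess_update_interval']    = 300;
$config['sess_gc_probability']     = 10;

// Default FALSE. Requires PHP 5.2 or higher; keeps the cookie out of reach
// of javascript.
$config['sess_http_only']          = TRUE;

// Only one header is allowed; this value is one of the page's own examples.
$config['sess_send_hdr']           = 'Cache-Control: private';
```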
[h3]Discussion, Documentation and download[/h3]
- For general usage, please see the CI session documentation [url=http://www.codeigniter.com/user_guide/libraries/sessions.html]user_guide[/url]
- For specific usages, please see the OB Session documentation online [url=http://bleakview.orgfree.com/obsession/]OB Session[/url]
- To discuss, post questions or bug reports please see thread [url=http://codeigniter.com/forums/viewthread/49253/]Discussion thread[/url]
- You can download the library, documentation and demo / test code here [url=http://bleakview.orgfree.com/dl/obsession.zip]obsession.zip[/url]