World Wide Web Server edited this page Jul 4, 2012 · 38 revisions

The Native_session library was written for those who prefer native PHP session handling over the original CI session implementation and who require additional security.

[h3] Benefits over CI_Session [/h3]

  • hardened against session fixation by a cookie id TTL (time to live): the cookie id is regenerated automatically at a fixed interval (currently configured inside the class)
  • you can use all available PHP session storage drivers (database, memcache, etc.)

[h3] Usage [/h3]

  • the same as the original CI session library: just load the library and access the session data via the session->userdata() and session->set_userdata() methods
  • lets you regenerate the cookie id manually by calling session->regenerate_id()
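
The automatic TTL rotation listed under Benefits and the manual rotation listed under Usage can be reproduced with plain PHP session functions. The following is an added example, not the Native_session source: the function names, the `_regenerated_at` key and the cookie settings are assumptions, and it requires PHP 7.3 or later.

```php
<?php
// Added example, not the Native_session source. Function names, the
// '_regenerated_at' key and the cookie settings are assumptions.

const SESSION_ID_TTL = 360; // seconds, same value as $session_id_ttl on this page

// Rotate the id and record when it happened. Passing true deletes the old
// session storage, so the previous id stops being valid; $_SESSION is kept.
function rotate_session_id(): void
{
    session_regenerate_id(true);
    $_SESSION['_regenerated_at'] = time();
}

function start_session_with_id_ttl(int $ttl = SESSION_ID_TTL): void
{
    // Reject ids the server did not issue and keep the id out of URLs.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,  // assumes the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();

    // A session without a timestamp is treated as expired, so a brand new
    // session gets a fresh id on its first request as well.
    $last = $_SESSION['_regenerated_at'] ?? 0;
    if (time() - $last >= $ttl) {
        rotate_session_id();
    }
}

// Manual rotation at a privilege change, the counterpart of calling
// regenerate_id() by hand: do not wait for the TTL after a login.
function on_login(int $user_id): void
{
    rotate_session_id();
    $_SESSION['user_id'] = $user_id;
}

start_session_with_id_ttl();
```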

[h3] Files [/h3]

Contents of [b]system/application/libraries/native_session.php[/b]:

[code]
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Session class using native PHP session features and hardened against session fixation.
 *
 * @package CodeIgniter
 * @subpackage Libraries
 * @category Sessions
 * @author Dariusz Debowczyk
 */
class Native_session {
    var $session_id_ttl = 360; // session id time to live (TTL) in seconds

    function Native_session() {
        $this->object =& get_instance();

        log_message('debug', "Native_session Class Initialized");
        $this->_sess_run();
    }

    /**
     * Regenerates session id
     */
    function regenerate_id() {
        // copy old session data, including its id
        $old_session_id = session_id();
        $old_session_data = $_SESSION;

        // regenerate session id and store it
        session_regenerate_id();
        $new_session_id = session_id();

        // switch to the old session and destroy its storage
        session_id($old_session_id);
        session_destroy();

        // switch back to the new session id and send the cookie
        session_id($new_session_id);
        session_start();

        // restore the old session data into the new session
