-
Notifications
You must be signed in to change notification settings - Fork 7.6k
NG Session
Code Igniter bundles a session class, working with cookies and limited database support in version 1.6. Unfortunately, this class stores session userdata directly inside the cookie, even when using the database. This is where NGSession steps in. It stores any userdata also in the database, if a database is being used.
2008/july update: fixed ip address / user agent always checking if using database to only check if set. See this file: File:Session.php.zip
- Based on a combination of Codeignitors Session.php in version 1.6 and DBSession.
- Fully compatible with Codeignitors Session.php in version 1.54 and 1.6 and DBSession.
- Designed as drop-in replacement for CI Session and/or DBSession.
- Any config option like encryption and any functionallity like flash session variables, session regeneration, validation etc. are fully supported.
- When using a database, only the session_id is stored in a cookie. Any other data is stored in the database.
- When using without a database, all data is stored in a cookie.
- Both modi work fully tansparent.
Example Mysql:
CREATE TABLE `ci_sessions` (
`session_id` varchar(40) NOT NULL default '0',
`ip_address` varchar(16) NOT NULL default '0',
`user_agent` varchar(50) NOT NULL,
`last_activity` int(10) unsigned NOT NULL default '0',
`session_data` text,
PRIMARY KEY (`session_id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;Note:
- The table is similar to the orginal CI session table definition, execpt that it adds a field session_data to keep userdata and flash variables.
- When using DBSession, the table is pretty much the same. So NGSession will not require any additional database config.
- UTF8 is not necessary but recommanded.
- Of cause, the database library must be loaded.
$config['sess_cookie_name'] = 'ci_session'; $config['sess_expiration'] = 7200; $config['sess_encrypt_cookie'] = FALSE; $config['sess_table_name'] = 'ci_sessions'; $config['sess_match_ip'] = TRUE; $config['sess_match_useragent'] = TRUE; $config['sess_use_database'] = TRUE; $config['sess_time_to_update'] = 300;
<h2>Usage</h2>
- Simply replace CI's session.php with this one.
- Use this lib as if you would CI session.php.
<h2>Test Case</h2>
- Create a simple controller and use the session lib.
- Set $config['sess_use_database'] = FALSE: All data should be stored in the cookie.
- Set $config['sess_use_database'] = TRUE: All data should be stored in the database. The cookie should only contain the session_id.
Example controller:
```php
class Main extends Controller {
function Main()
{
parent::Controller();
$this->load->library('view');
// this starts a session if none exists
$this->load->library('session');
}
Now the session data can be set/get like:
// setter
$this->session->set_userdata('user_id', $user_id);
// getter
if (!$this->session->userdata('user_id')) {}set_userdata($newdata = array(), $newval = '') unset_userdata($newdata = array()) all_userdata()
set_flashdata($newdata = array(), $newval = '') keep_flashdata($key) flashdata($key)
See the codeignitor documentation for more details.
<h2>Example for an integration into an auth system</h2>
Assumption:
$this->table_user: tablename of table that holds the user / user_id's
$this->field_user_id: name of the field that holds the user_id
Note: Uses CI 1.6 activerecord syntax and PHP5 syntax
```php
/**
* Validate login using credentials (typically email/password or username/password)
* On succuess it sets the user_id field in the session userdata and returns the user object
*
* @access public
* @param associative array example ('email'=>$email, 'password'=>dohash($password))
* @return mixed boolean:false or object with user record
*/
function login($where = array())
{
$query = $this->db->get_where($this->table_user, $where, 1, 0);
if ($query->num_rows != 1) return FALSE;
$row = $query->row();
$this->session->set_userdata('user_id', $row->{$this->field_user_id});
return $row;
}
/**
* Get user information of current logged in user or a specific user by id
*
* @access public
* @param int user_id, default = current session user_id
* @return mixed boolean:false or object with user record
*/
function get_user($id = FALSE)
{
if ($id === FALSE)
{
if (($id = $this->session->userdata('user_id')) === FALSE)
{
return FALSE;
}
}
$where = array(($this->table_user .'.' .$this->field_user_id) =>$id);
$query = $this->db->get_where($this->table_user, $where, 1, 0);
return ($query->num_rows() == 1) ? $query->row() : FALSE;
}
/**
* Logout current user
*
* No parameter. Logout is done by destroying the current user session.
*
* @access public
* @return void
*/
function logout()
{
$this->session->sess_destroy();
}
}