Skip to content

OB Session

Jump to bottom Edit New page
Derek Jones edited this page Jul 5, 2012 · 13 revisions

Category:Libraries::Session Category:Session An attempt to provide the best of all possible session worlds. By Oscar Bajner.

This replacement class for Code Igniter session library borrows from ideas presented in Native_session and DB_session.

It attempts to retain all the benefits of the original CI implementation, adding the best features from other libs and adds several enhancements. Author : Oscar Bajner. Based on : Existing CI Session Class. License : See CodeIgniter license. Requirements : CodeIgniter 1.5.0 or higher.

Updates

The session class has been updated: 01 May 2007. (Bugfix) Please download the latest version and update Session.php. Changes:

  1. Fixed a bug which was causing "index not found" warnings when using the database storage option is enabled.

The session class has been updated: 15 April 2007. Please download the latest version and update your config file sess_ entries. Changes:

  1. Added ability to send a server header before cookie is sent
  2. Added ability to set a HttpOnly cookie, for PHP version 5.2.x Only!
  3. Added ability to pass string or array data to set_flashdata()
  4. Added ability to configure garbage collect probability.

Benefits over CI_Session and DB_Session

  • Session User Data can be stored either client-side in the cookie OR server-side in a database table.
  • Highly configurable:
  • Easily configure non-persistent sessions, session timeouts and session auto regeneration. (A non-persistent session ends on browser exit.)
  • Incorporates "Flash data" as implemented in Native_Session and DB_Session.
  • Provides function for manual session id regeneration.

Usage

  • the same as the original CI session library - just load the library from your /application/libraries directory : $this->load->library('session');
  • access the session data via : $this->session->userdata() and $this->session->set_userdata() methods.
  • Allows regenerating the session id manually by calling session->regenerate_id()

Configuration

The original config entry for CI session is amended as follows:

| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean).  Whether to encrypt the cookie
| 'session_expiration'  = the number of SECONDS you want the session to last.
|  by default sessions last 7200 seconds (two hours).  
|  Set to zero (0) for a session which expires on browser exit.
|---------------------------------
|  Additional config items:
|  'sess_storage'       = Store USER DATA in 'cookie' or 'database'
|  Some session data is always stored in the cookie, prefixed with "session_"
|  Viz: "session_id", "session_start", "session_last_activity", "session_ip_address", "session_user_agent".
|  'sess_timeout'       = session time-to-live, in seconds, set to zero for no timeout.
|  'sess_destroy_on_timeout' = TRUE/FALSE (boolean)
|  The default is FALSE, the session_id is regenerated and existing session data is saved.
|  'sess_update_interval'    = Period in SECONDS between session updates.
|
| 'sess_gc_probability'  = Percentage probability of garbage collection, default = 10, 100 = always, 0 = never.
| 'sess_send_hdr' = Full server header to send, default = '', no header is sent. (only one header allowed)
|  A typical usage would be to send a P3P compact policy as a header for MSIE 6/7.
|  P3P example1 : 'sess_send_hdr' = 'P3P: CP="CAO PSA OUR"';
|  P3P example2 : 'sess_send_hdr' = 'P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"';
|  Other example1 : 'sess_send_hdr' = 'Cache-Control: private';
| 'sess_http_only' = FALSE; // NB!! Only set this to TRUE if your server runs PHP 5.2 or higher!
|  An HttpOnly cookie protects against XSS, the cookie cannot be accessed via javascript, supported by IE6_SP1, IE7.
|  Setting TRUE on PHP < 5.2 will make your cookies crumble!
|
*/
$config['sess_cookie_name']         = 'ci_session';
$config['sess_expiration']        = 7200;
$config['sess_encrypt_cookie']        = FALSE;
$config['sess_table_name']        = 'ci_sessions';
$config['sess_match_ip']            = FALSE;
$config['sess_match_useragent']        = TRUE;
// [OB] additional config items:
$config['sess_storage']             = 'cookie';
$config['sess_timeout']             = 0; 
$config['sess_destroy_on_timeout']  = FALSE; 
$config['sess_update_interval']     = 300; 
$config['sess_gc_probability']      = 10;
$config['sess_http_only']           = FALSE;
$config['sess_send_hdr']            = '';

Modifications of original CI implementation

The session variable "last_visit" is removed and replaced with "session_start"

Be aware that some session data is always present in the session cookie.

  • session_id
  • session_start
  • session_last_activity
  • session_ip
  • session_user_agent

Please enable cookie encryption if you do not want this info to be visible.

Discussion, Documentation and download

Please note: My host does not allow a direct download link. You will only be able to download the zip file "obsession.zip" from the home page given below.

  • For general usage, please see the CI session documentation user_guide
  • To view documentation online, or to download, please go to OB Session
  • To discuss, post questions or bug reports please see thread Discussion thread
Add a custom footer
Add a custom sidebar
Clone this wiki locally