Vegan Sv
Reputation: 335
Do I need to use sessions in Codeigniter?
Or in PHP in general. I need to check if a user is logged in when accessing a certain page. Tutorials recommend using sessions e.g
$sessionData = array('username'=>$username, 'status'=>1);
$this->session->set_userdata($sessionData);
And for better security they recommend using a db table.
What if I just store username and status in a database and then change status to 0 when people log out?
Whenever they need access to a certain page I just check if the status 1.
Upvotes: 0
Views: 62
Answers (1)
Sammitch
Reputation: 32232
- When you call
session_start()PHP sets a cookie in the user's browser with a randomly-generated ID. - From then on in that file anytime you store a value in
$_SESSIONwill [by default] be stored in a file insession.save_pathat the end of the script. This file is identified by the session ID. - On subsequent requests the client sends their session ID cookie back to the server, so when you call
session_start()in your script PHP can go and retrieve that session file and restore the contents to$_SESSION.
Literally anything you will write will simply be re-implementing this already-written behaviour, but without the added layers of security contributed over the years to the PHP project.
Upvotes: 1
Related Questions
- Codeigniter/PHP sessions security question
- CodeIgniter login and session
- Session handling in CodeIgniter
- Security aspects of using native php session in codeigniter
- login and sessions using CodeIgniter
- are codeigniter sessions secure?
- Codeigniter secure sessions
- CodeIgniter sessions
- sessions in codeigniter
- Sessions in Codeigniter