Reputation: 63599
How Sessions in Codeigniter Work
I am trying to figure out how sessions work in Codeigniter. Reading the online manual, I see the following:
If sessions data does not exist (or if it has expired) a new session will be created and saved in the cookie. If a session does exist, its information will be updated and the cookie will be updated. With each update, the session_id will be regenerated.
and
Note: Session cookies are only updated every five minutes by default to reduce processor load. If you repeatedly reload a page you'll notice that the "last activity" time only updates if five minutes or more has passed since the last time the cookie was written. This time is configurable by changing the $config['sess_time_to_update'] line in your system/config/config.php file.
Question:
- What information is updated if a session exists when a page with session class is loaded? Is this the session id stored in the cookie, or the session data itself stored in the database?
- Session cookies are only updated every 5 minutes. What if the user goes from page A to page B within 5 minutes, and this requires the addition of new session data? Logically the session data should be updated, so I guess I'm understanding this line wrongly... In this case, I will guess that the session cookie gets a new session id every 5 minutes.
Any clarifications will help!
Upvotes: 6
Views: 4993
Answers (1)
Reputation: 472
Yes, is about the session id stored in the cookie. This is regenerated every 5 minutes. And when it's time to regenerate, first it will get current session data and than assign it to the new session id.
code from CI session library, function sess_update():
// Save the old session id so we know which record to
// update in the database if we need it
$old_sessid = $this->userdata['session_id'];
$new_sessid = '';
while (strlen($new_sessid) < 32)
{
$new_sessid .= mt_rand(0, mt_getrandmax());
}
// To make the session ID even more secure we'll combine it with the user's IP
$new_sessid .= $this->CI->input->ip_address();
// Turn it into a hash
$new_sessid = md5(uniqid($new_sessid, TRUE));
// Update the session data in the session data array
$this->userdata['session_id'] = $new_sessid;
$this->userdata['last_activity'] = $this->now;
Upvotes: 2
Related Questions
- Codeigniter/PHP sessions security question
- Creating Cookies in Codeigniter
- Session value in codeigniter
- Codeigniter Session database
- Codeigniter's session data, are they just cookies?
- Clarification on sessions CodeIgniter
- Understanding codeigniter sessions
- CodeIgniter sessions
- codeigniter sessions and cookies
- Sessions in Codeigniter