I am using CodeIgniter 3 and I have a big problem with CodeIgniter sessions! Because sessions are not deleted after the browser is closed, I decided to use native PHP sessions in CodeIgniter this way. Now I want to know: if I encrypt all my session data (native PHP session), how is my security? Is this dangerous?

SoheilYou
  • Native sessions are not dangerous to use in CodeIgniter; it depends on how well you have written the code. Read this article for more: http://w3code.in/2015/10/how-to-use-native-php-session-in-codeigniter/ – Ricky Oct 28 '15 at 13:04
  • Read this: http://stackoverflow.com/questions/328/php-session-security – Linus Oct 28 '15 at 13:29
  • @Ricky, Your article is incorrect when you say "CodeIgniter doesn’t use standard PHP sessions, " Since version 3.0.0 CI_Session does use native PHP session. Take a look at http://www.codeigniter.com/user_guide/installation/upgrade_300.html#step-6-update-your-session-library-usage for more info. – DFriend Oct 28 '15 at 14:57
  • When I gave [this answer](http://stackoverflow.com/a/33389233/468027), I wasn't limiting it to CodeIgniter ... it's applicable to all sessions. The note in there is just to clarify how sessions work, switching to native PHP sessions won't help you. – Narf Oct 28 '15 at 19:58

1 Answer

In CodeIgniter 3.0.+ the Session library is using native PHP sessions.

If you would like a session that expires when the browser is closed, set $config['sess_expiration'] = 0; in application/config/config.php

DFriend
  • That is not 100% correct. CI3 does plug into PHP's user interface to sessions, but it does so with a userspace session handler, which has its limitations ... For example, tracking file upload progress is not possible. – Narf Oct 28 '15 at 19:55
  • @Narf - How is it (it = "the Session library is using native PHP sessions") not 100% true? After all, how can you implement a SessionHandlerInterface if you are not using PHP sessions? I'll grant that it might not be a perfect implementation though. – DFriend Oct 28 '15 at 20:44
  • I'm not saying it's not using PHP sessions, but "native" implies something that comes with PHP itself and that's not the case ... the code that runs sessions in CI is custom-built. See the manual for `session_set_save_handler()` if you're not sure what I'm talking about. – Narf Oct 28 '15 at 21:14
  • Guess it depends on what your definition of is is. – DFriend Oct 28 '15 at 21:27
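
For reference, an added example (not part of the answer or comments above, and not CodeIgniter's own code) of what a userspace handler registered through `session_set_save_handler()` looks like in plain PHP, here encrypting the session payload before PHP's built-in handler stores it and using a cookie lifetime of 0 so the cookie ends with the browser session. It assumes PHP 8 with the sodium extension and HTTPS; the class name and the `SESSION_KEY_HEX` environment variable are hypothetical. Encryption of this kind protects the data stored on the server, while the cookie still carries only the session ID.

```php
<?php
declare(strict_types=1);
// Added example: userspace session handler that encrypts stored session data.
// EncryptedSessionHandler and SESSION_KEY_HEX are hypothetical names.
final class EncryptedSessionHandler extends SessionHandler
{
    private string $key;

    public function __construct(string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('key must be 32 bytes');
        }
        $this->key = $key;
    }

    public function read(string $id): string|false
    {
        $stored = parent::read($id);
        $raw = is_string($stored) ? base64_decode($stored, true) : false;
        if ($raw === false || strlen($raw) <= SODIUM_CRYPTO_SECRETBOX_NONCEBYTES) {
            return ''; // missing or unreadable record: start with an empty session
        }
        $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $plain = sodium_crypto_secretbox_open($box, $nonce, $this->key);
        return $plain === false ? '' : $plain; // tampered data is discarded
    }

    public function write(string $id, string $data): bool
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per write
        $box   = sodium_crypto_secretbox($data, $nonce, $this->key);
        return parent::write($id, base64_encode($nonce . $box));
    }
}

$hex = getenv('SESSION_KEY_HEX'); // 64 hex characters, kept outside the web root
if ($hex === false) {
    throw new RuntimeException('SESSION_KEY_HEX is not set');
}
session_set_save_handler(new EncryptedSessionHandler(sodium_hex2bin($hex)), true);
// lifetime 0 = session cookie, dropped by the browser when it closes
session_set_cookie_params(['lifetime' => 0, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();
$_SESSION['visits'] = ($_SESSION['visits'] ?? 0) + 1;
```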