4

I am trying to get the session id using session_id(), but I came to know that it will be regenerated every 5 minutes.

So I found a trick: set a random number into a user-defined session variable, like this:

$uniqueId = uniqid(rand(), TRUE);
$this->session->set_userdata("my_session_id", md5($uniqueId)); 

Now the question is where I should place this code. If I place it in my controller's constructor, it will be executed on each request and will give me a different session id for each request.

How can I set this session variable only once, so that it will not change until session destroy()?

Nirali Joshi

4 Answers

4

Use PHP's built-in function:

$session_id = session_id();

Now $session_id is a unique session id.

Abhishek Gurjar
Ganesan San
  • In CI3 the session id is stored in the cookie data. If you inspect your browser you can see it. I believe session_id() is the proper way to get the session id as CI3 now works with the $_SESSION super global. – jjwdesign Sep 11 '18 at 13:58
3
  1. It's better to regenerate the session ID to prevent session hijacking. Disabling session ID regeneration is a bad idea. Read "When and why I should use session_regenerate_id()?" for more information.

  2. If you want to identify the user by session, it's not a good idea to use the session ID.

  3. You can set the user ID on the session and use that as identification for login. For more security, you can store a random string as a key in the database and also set it on the session. When checking, you can compare the user ID and that key on the session with the user ID and the key in the database.

  4. If you want to have the same thing for guest clients, you can do what I mentioned in #3 and store $_SESSION['guest']=USER_IP and create a guest table in the database which stores the guest IP. When isset($_SESSION['guest']) is true, you can check the guest table instead of the users table.

  5. If you want to protect your session against XSS, you can store other user information such as the IP in your database and check that at the start of your code.

ICE
1

In your constructor, first check whether the session value is already set or not. If it is not set, then set it; otherwise do nothing. Like this:

$uniqueId = uniqid(rand(), TRUE); // generates a random number
// Set the value only if it is not in the session yet (skipped when it already has a value)
if (!$this->session->has_userdata('my_session_id'))
{
    $this->session->set_userdata("my_session_id", md5($uniqueId));
}
Hikmat Sijapati
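The set-once check from the answer above, combined with the user ID and key comparison from point 3 of the earlier answer, as an added example that is not code from any of the posts. It is plain PHP on `$_SESSION` and uses `random_bytes()` in place of `uniqid(rand())` with `md5()`. The keys `user_id` and `auth_key` and the `$row` array standing in for a database record are assumptions.

```php
<?php
// Added example; 'user_id', 'auth_key' and $row are hypothetical names.

/** Return a per-session identifier that is created once, then reused. */
function stable_session_token(): string
{
    if (!isset($_SESSION['my_session_id'])) {
        // random_bytes() is a CSPRNG: 16 bytes = 128 bits, hex-encoded.
        $_SESSION['my_session_id'] = bin2hex(random_bytes(16));
    }
    return $_SESSION['my_session_id'];
}

/** Compare the session's user id and key with the stored record. */
function session_matches_user(array $session, array $row): bool
{
    return isset($session['user_id'], $session['auth_key'])
        && (int) $session['user_id'] === (int) $row['id']
        && hash_equals($row['auth_key'], (string) $session['auth_key']); // constant-time
}

// Demo with constructed data. All session calls come before any output,
// so the script also runs from the command line.
session_start();
$row = ['id' => 42, 'auth_key' => bin2hex(random_bytes(32))]; // stands in for a DB row

// At login: bind the session to the stored record.
$_SESSION['user_id']  = $row['id'];
$_SESSION['auth_key'] = $row['auth_key'];

$oldSid = session_id();
$before = stable_session_token();
session_regenerate_id(true); // stands in for the periodic regeneration from the question
$after  = stable_session_token();
$newSid = session_id();

$valid  = session_matches_user($_SESSION, $row);
$forged = session_matches_user(['user_id' => 42, 'auth_key' => 'guess'], $row);
session_write_close();

var_dump($oldSid !== $newSid); // did the session id rotate?
var_dump($before === $after);  // did the stored token survive the rotation?
var_dump($valid, $forged);     // result for the real session, then for a guessed key
```

Because the token lives in the session data rather than in the session ID, regeneration can stay enabled while the application still has one value that is constant for the life of the session.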
0

In the config.php set the below, then you don't have to generate your own session id

$config['sess_expiration'] = 0; // Session does not expire
$config['sess_time_to_update'] = 0; // Disable session ID regeneration

In your controller you'll need __construct()

// CodeIgniter instantiates controllers without arguments,
// so the constructor takes no parameters.
public function __construct()
{
    // DO NOT forget this
    parent::__construct();
}

Then when you get the session you'd use

$this->session->userdata('id');
theEUG
  • I can set this time, but what happens now? I am getting $session_id = session_id(); in the constructor function. Ideally, every time this function gets executed, $session_id should remain the same. But it gets changed on every function call. How to solve this? – Nirali Joshi Mar 15 '17 at 12:21