I am using CodeIgniter to save session data in a database, but I noticed that CI also saves some of that session info on the client side. If I need a secure last_activity timestamp, how do I know CI is retrieving the one from the database, which is secure, and not the one from the client side, which is not? Does it match both last_activity timestamps to check for validity?


Solution

My bad, that's what happens when you don't read carefully.

The answer is YES, it does have to match both.

This is from CodeIgniter Docs,

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

So this means yes, it does a matching.

From GitHub (stable 2.1) you can take a look at the database matching process here:

https://github.com/EllisLab/CodeIgniter/blob/2.1-stable/system/libraries/Session.php#L135
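
As an added example (not CodeIgniter's own code and not part of the answer above), one way to make an idle-timeout decision depend only on the database copy of last_activity: the cookie supplies just the session ID used for the lookup. The function name, the timeout, the 32-hex ID check and the in-memory SQLite table modelled on the ci_sessions columns are assumptions.

```php
<?php
// Added example, not CodeIgniter's code. Table/column names are assumed to
// follow the ci_sessions layout; all rows and cookies below are constructed.
const IDLE_LIMIT = 7200; // seconds; assumed idle timeout

function trusted_last_activity(PDO $db, array $cookie, int $now): ?int
{
    // The cookie only supplies the lookup key; its other fields are ignored.
    $id = $cookie['session_id'] ?? '';
    if (!is_string($id) || !preg_match('/^[a-f0-9]{32}$/', $id)) {
        return null; // malformed ID: never reaches the database
    }
    $stmt = $db->prepare('SELECT last_activity FROM ci_sessions WHERE session_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no matching row: treat the session as destroyed
    }
    $last = (int) $row['last_activity'];
    if ($now - $last > IDLE_LIMIT) {
        // Expired according to the server's own record, so remove the row.
        $db->prepare('DELETE FROM ci_sessions WHERE session_id = ?')->execute([$id]);
        return null;
    }
    return $last; // server-side value, safe to use for timeout decisions
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ci_sessions (session_id TEXT PRIMARY KEY, last_activity INTEGER NOT NULL)');

$now   = 1700010000;          // constructed "current" time
$stale = str_repeat('ab', 16); // constructed session IDs
$fresh = str_repeat('cd', 16);
$ins   = $db->prepare('INSERT INTO ci_sessions VALUES (?, ?)');
$ins->execute([$stale, $now - 9000]);
$ins->execute([$fresh, $now - 60]);

// Cookie claims activity 10 s ago, but the stored row is 9000 s old.
var_dump(trusted_last_activity($db, ['session_id' => $stale, 'last_activity' => $now - 10], $now));
// Cookie claims a very old timestamp, but the stored row is 60 s old.
var_dump(trusted_last_activity($db, ['session_id' => $fresh, 'last_activity' => 0], $now));
// ID that is not 32 hex characters.
var_dump(trusted_last_activity($db, ['session_id' => 'x'], $now));
```

Running it requires PHP with the pdo_sqlite extension; in each call the result follows the stored row, whatever last_activity the cookie carries.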

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow