Question

I am using CodeIgniter to save session data in a database but I noticed that CI also saves some of that session info at the client side. If I need a secure last_activity time-stamp how do I know CI is retrieving the one from the database which is secure and not the one from the client side which is not? Does it match both last_activity timestamps to check for validity?

Solution

My bad, that's what happens when you don't read carefully.

The answer is YES, it does have to match both.

This is from the CodeIgniter docs:

When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.

So this means yes, it does a matching.

From GitHub (stable 2.1) you can take a look at the database matching process here:

https://github.com/EllisLab/CodeIgniter/blob/2.1-stable/system/libraries/Session.php#L135
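
An added example, not part of the original answer and not CodeIgniter's own code: a simplified PHP model of the match the quoted documentation describes, where the cookie only supplies the session ID and last_activity is read from the database row. The helper name trusted_session, the in-memory SQLite database and the sample values are assumptions; the column names follow CodeIgniter 2.x's ci_sessions table.

```php
<?php
// Added illustration, not CodeIgniter's Session.php. Models the documented
// behaviour: the cookie's session_id must match a database row, otherwise the
// session is destroyed. Only server-side values are returned to the caller.

// In-memory SQLite stands in for the real database (assumption); columns
// follow the ci_sessions table used by CodeIgniter 2.x.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ci_sessions (
    session_id    TEXT PRIMARY KEY,
    ip_address    TEXT NOT NULL,
    user_agent    TEXT NOT NULL,
    last_activity INTEGER NOT NULL,
    user_data     TEXT NOT NULL
)');

// Constructed sample row.
$db->prepare('INSERT INTO ci_sessions VALUES (?, ?, ?, ?, ?)')
   ->execute(['a3f1c0de', '192.0.2.10', 'ExampleAgent/1.0', 1700000000, '']);

/**
 * Hypothetical helper: returns the server-side session row, or null when the
 * cookie's session_id has no matching row (caller must destroy the session).
 */
function trusted_session(PDO $db, array $cookie): ?array
{
    if (!isset($cookie['session_id']) || !is_string($cookie['session_id'])) {
        return null;
    }
    // Bound parameter: the cookie value is never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT session_id, last_activity FROM ci_sessions WHERE session_id = ?'
    );
    $stmt->execute([$cookie['session_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed cookies: one with a forged last_activity, one with an unknown ID.
$tampered = ['session_id' => 'a3f1c0de', 'last_activity' => 1999999999];
$unknown  = ['session_id' => 'ffffffff', 'last_activity' => 1999999999];

$row = trusted_session($db, $tampered);
var_dump((int) $row['last_activity']);             // value stored in the database
var_dump(trusted_session($db, $unknown) === null); // no match: destroy the session
```

The forged last_activity in the first cookie is never consulted; the caller only ever sees the timestamp stored server-side.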

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow