Codeigniter native session or ci session library - codeigniter

Im building a really small social site about sports.
And i would like to ask a more experienced developer, if it would be better to use native session or ci session library? and if ci library it it better to use the databse store?
Thank you for your options

The CI session library will get you up and going very quickly, giving you greater flexibility than native sessions. Keep in mind, though, that the CI_Session class is pretty paranoid; you might get some unexpected session expiration, particularly with AJAX-heavy applications.
I recommend going with CI sessions, with the following caveats:
Don't autoload the session class, as you'll probably want to ignore session renewal in some instances.
As best you can, avoid the session class for AJAX requests (if you absolutely need it, you'll need to overhaul the sess_update() function to prevent unexpected expirations)
You shouldn't be loading images dynamically through CI, but there are cases where it's needed. The same issues apply here as with AJAX requests.
Additionally, you'll need to store sessions in a table if you risk needing more storage than cookies allow (4KB, I think; you'll use it up even faster with encryption). Might as well go with a database and be done with it.

I would go for native PHP Session because I believe there's a problem with the latter.
What if the user's browser have cookies disabled?
Although Browsers with cookies disabled aren’t getting far on the internet these days… But still, there are people having their cookies disabled so CI sessioncookies in not a very good candidate...
So how can we use $_SESSION[] in codeigniter?
Try this:
Since the pages in mvc are triggered by the controller, we could do this
public function __construct(){
self::$instance =& $this;
foreach (is_loaded() as $var => $class) {
$this->$var =& load_class($class);
}
$this->load =& load_class('Loader', 'core');
$this->load->initialize();
log_message('debug', "Controller Class Initialized");
session_start();
}
to the CI_Controller class on system/core/Controller.php

You can also have the best of both by using the native session extended library.
To quote:
Benefits over CI_Session
* hardened against session fixation by cookie id TTL (time to live) - regenerates cookie id automatically every given amount of time (right
now configured inside the class) - see Note about making it setable.
* you can use all available PHP session storage drivers (database, memcache, etc.)
* “flash” session attributes (see: “Flash” attributes)
Benefits over PHPsession
* compatible with CI_Session
- the same way of use, just load the library, set_userdata(), userdata()
- easy to migrate existing apps to Native_session
- need docs - use the CI manual :)
* better security (automatic and manual session id regeneration)
PHPsession introduces concept of session namespace, which IMHO
encourages you to use large number of the the session vars. I prefer
to limit the use of sessions as much as possible (because of the
potential scalability problems), so the Native_session won’t implement
session namespaces.

Related

How to add a flashdata after session_write_close()

I upgraded my application from CI2 to CI3 (CI v3.1.9 and PHP7). Now I have performance issue with the new concurrency system in the session (see doc).
Some of the actions in the application are very long (because of calling an external APIs that can takes several minutes to respond for example) and I don't want those actions to lock the session. As recommended, I would use session_write_close() function in the controller before doing the very long action.
The problem is that I want to display a message to user after redirecting at the end of this action. Right now, I am using session->set_flashdata() before the redirection, but because I closed the session earlier, it is not working.
Does anyone have recommendations on how to achieve that?
If I am starting the session again with session_start() it is working, but I have no idea if this is best practice to use PHP session like that with Codeigniter.
There is no problem with starting the session again using session_start(). The CodeIgniter "Session" class is still loaded and the instance is still valid. So all the "special" stuff that CI does to make sessions work is good to go.
I tested and then used this scheme in a project some time back and didn't experience any problems. Haven't had any blow-back from the client of a still operating site either. YMMV.
BTW, in the __construct() function of the CI_Session class a call to session_start() is made in order to start up PHP's session extension. So making that call is clearly not a "bad" practice. :)

aspnetboilerplate session timeout & redis implementation

I am using ABP framework with MVC 5 and deployed into Azure. I have listed few session related questions below.
I used HttpContext.Current.Session in WebMpa project and AbpSession in Application services, but unable to get the data from AbpSession using HttpContext.Current.Session in WebMpa project, both are saving data in different place?
Am using static helper class and static property to Get/Set HttpContext.Current.Session value, if i want to remove the HttpContext.Current.Session any easiest way is available(with minimal code change), it could be better if we can get AbpSession from that static class?
I want to alert users 20 secs prior to session expired, is there any build in option available in ABP?
If I enable to Redis Cache implementation in my application, Cache, HttpContext.Current.Session, AbpSession and TempData will works without any issues and all should Get/Set values from Redis datasource?
AbpSession is not extending HttpContext.Current.Session. So the answer is yes you cannot share data btw AbpSession and Session.
Don't use static for injectable types. bad practise!
There's no built-in function for that. You can achieve this with a javascript function. When you finish a request, start timer. You know the session timeout duration. So when it reaches to 20secs, show an alert window to continue session. If answer is Yes then make a new request to slide session.
No! As i stated, Session and AbpSession is totally different things and you cannot share btw them.
PS: AbpSession stores claims. And it's extendable. So you can store any item in AbpSession. See the link to understand how to extend AbpSession https://gist.github.com/hikalkan/67469e05475c2d18cb88

Sessions in CakePHP 2.3

I just upgraded my app from CakePHP 1.3 to 2.3. The upgrade console is far from perfect, but after a day of debugging, I've solved most of the issues. There's just one left, and it's a big one: Sessions.
In my app I am not using any of the fancy $this->Session or CakeSession::read login, I've always relied on PHP Superglobal $_SESSION. In 1.3, that worked fine.
Enter CakePHP 2.3: Sessions seem to work only at some places in my functions, and for unknown reasons, they are sometimes empty. One example: in line 1 of a function in a controller, $_SESSION['key'] gives me an empty array, in line 10 it will give me a nicely populated array, and in my view it's empty again. Extremely frustrating. I've been able to solve this by calling session_start() when it doesn't work, but I don't want to go down that road.
The documentation states:
Usage of the $_SESSION is generally avoided in CakePHP, and instead usage of the Session classes is preferred.
I'm a bit surprised: Cake runs on PHP, so I would expect PHP superglobals to work.
I'm considering switching to CakeSession::read and CakeSession::write, but that's a laborious task: I'm using Sessions throughout my app.
Before switching, I'd like to know:
Is there a way to make the normal PHP $_SESSION superglobal work in Cakephp 2.3.7?
If not: is CakeSession::read and CakeSession::write the right alternative?
Some extra info:
I am calling the Session component in my AppController
I am calling the Session helper in my AppController
In general, you could access $_SESSION itself, but then you would need to assert session start and other things manually, as well - which CakePHP can and should take care of itself.
So why bother when you got a nice wrapper access to it?
I dont really see why this needs to be a question here. There are usually bigger fish to fry.
Believe me when I say that everyone uses the clean and neat component/helper/CakeSession access.
Also a nice site effect: You cannot trigger any "undefined index" warnings with the wrapper methods. They would simply return null if this key has not been set yet.
I am calling the Session component in my AppController
I am calling the Session helper in my AppController
No, helpers are for the view layer.

Sessions in Meteor

After a research it seems that Meteor Sessions are reset after refreshing page or opening the website in new tab, i.e. they are not usual server-side sessions but something like global javascript variables on client-side. Some people advice to use AmplifyJS, but I'm not sure that it will work like usual session in other frameworks/languages and also it is a third party library, so is there any normal way to use sessions in Meteor, i.e. keep user-specific data on server?
At this moment I'm handling that by using custom Collections, but it is not an ideal way of doing that because it is needed to remove expired values from Collection manually, which makes additional troubles.
Yes this is correct. Despite the name Session is nothing like a cookie, but just a reactive form of a variable stored in a hashmap
To keep data persistent across tabs you need to use a Collections (as this is the only way to reactively share data across tabs) - Cookies can't work because they can't be made reactive as data needs to be sent to the server to notify the client when there is a change. There really wouldn't be another way at the moment as the publish/subscribe methods can only send down data from collections at the moment.
You can use your setup you have now with your custom collection. You can use a server side cron job to remove expired data (either with Meteor.setInterval or Tom Coleman's cron.
There is a package developed just for that: https://atmospherejs.com/u2622/persistent-session
After installation you can use the following functions to set sessions which are persistent:
//store a persistent session variable which is stored across templates
Session.setPersistent(key, value);
//same as above, but automatically deletes session data when user logs out
Session.setAuth(key, value);
I've tried the package and it works like charm.

Using Session Vars in a MVC Domain Model library

I have a IQueryable function. In that function, I need to store and retrieve data to Session; can you guys point me in the right direction.
I've looked at the HttpSessionStatBase where the session is usually taken from HttpContext.Current but this doesnt seem possible to do in the library. Am I missing something?
Thanks in advance.
I would avoid having a dependency on the static HttpContext. My preferred strategy would be to extract the information from the session in the controller and pass it as parameters (or set as properties) on your data access layer/repository. If you feel that you must use the Session directly, then I would provide it to the DAL/repository in the same manner -- as a property or as a parameter. Note, however, that you are increasing the coupling between your DAL/repository and the controller. This will make it much more difficult to re-use in a non-web setting, i.e., you'd have to create a fake session just to interact with the DAL/repository if you ever needed to work with it from a windows service or console app, for example.

Resources