dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 1 | ############## |
| 2 | Session Driver |
| 3 | ############## |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 4 | |
| 5 | The Session class permits you maintain a user's "state" and track their |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 6 | activity while they browse your site. CodeIgniter offers two default |
| 7 | session drivers: the classic `Cookie Driver`_, and the `Native Driver`_, |
| 8 | which supports usage of the native PHP Session mechanism. In addition, |
| 9 | you may create your own `Custom Drivers`_ to store session data however |
| 10 | you wish, while still taking advantage of the features of the Session class. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 11 | |
Andrey Andreev | cc04209 | 2014-01-03 17:08:27 +0200 | [diff] [blame] | 12 | .. contents:: |
| 13 | :local: |
| 14 | |
| 15 | .. raw:: html |
| 16 | |
| 17 | <div class="custom-index container"></div> |
| 18 | |
Andrey Andreev | de1fe7d | 2014-01-20 17:06:16 +0200 | [diff] [blame] | 19 | *********************** |
| 20 | Using the Session Class |
| 21 | *********************** |
| 22 | |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 23 | Initializing a Session |
| 24 | ====================== |
| 25 | |
| 26 | Sessions will typically run globally with each page load, so the session |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 27 | class must either be :doc:`initialized <../general/drivers>` in your |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 28 | :doc:`controller <../general/controllers>` constructors, or it can be |
| 29 | :doc:`auto-loaded <../general/autoloader>` by the system. For the most |
| 30 | part the session class will run unattended in the background, so simply |
| 31 | initializing the class will cause it to read, create, and update |
| 32 | sessions. |
| 33 | |
| 34 | To initialize the Session class manually in your controller constructor, |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 35 | use the ``$this->load->driver`` function:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 36 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 37 | $this->load->driver('session'); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 38 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 39 | Once loaded, the Sessions library object will be available using:: |
| 40 | |
Andrey Andreev | cc04209 | 2014-01-03 17:08:27 +0200 | [diff] [blame] | 41 | $this->session |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 42 | |
| 43 | How do Sessions work? |
| 44 | ===================== |
| 45 | |
| 46 | When a page is loaded, the session class will check to see if valid |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 47 | session data exists in the user's session. If sessions data does **not** |
| 48 | exist (or if it has expired) a new session will be created and saved. |
| 49 | If a session does exist, its information will be updated. With each update, |
| 50 | the session_id will be regenerated. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 51 | |
| 52 | It's important for you to understand that once initialized, the Session |
| 53 | class runs automatically. There is nothing you need to do to cause the |
| 54 | above behavior to happen. You can, as you'll see below, work with |
| 55 | session data or even add your own data to a user's session, but the |
| 56 | process of reading, writing, and updating a session is automatic. |
| 57 | |
| 58 | What is Session Data? |
| 59 | ===================== |
| 60 | |
| 61 | A *session*, as far as CodeIgniter is concerned, is simply an array |
| 62 | containing the following information: |
| 63 | |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 64 | - The user's unique Session ID (this is a statistically random string |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 65 | with very strong entropy, hashed with MD5 for portability, and |
| 66 | regenerated (by default) every five minutes) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 67 | - The user's IP Address |
| 68 | - The user's User Agent data (the first 120 characters of the browser |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 69 | data string) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 70 | - The "last activity" time stamp. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 71 | |
| 72 | The above data is stored in a cookie as a serialized array with this |
| 73 | prototype:: |
| 74 | |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 75 | [array] |
| 76 | ( |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 77 | 'session_id' => random hash, |
| 78 | 'ip_address' => 'string - user IP address', |
| 79 | 'user_agent' => 'string - user agent data', |
| 80 | 'last_activity' => timestamp |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 81 | ) |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 82 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 83 | .. note:: Sessions are only updated every five minutes by default to |
| 84 | reduce processor load. If you repeatedly reload a page you'll notice |
| 85 | that the "last activity" time only updates if five minutes or more has |
| 86 | passed since the last time the cookie was written. This time is |
| 87 | configurable by changing the $config['sess_time_to_update'] line in |
| 88 | your system/config/config.php file. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 89 | |
| 90 | Retrieving Session Data |
| 91 | ======================= |
| 92 | |
| 93 | Any piece of information from the session array is available using the |
| 94 | following function:: |
| 95 | |
| 96 | $this->session->userdata('item'); |
| 97 | |
| 98 | Where item is the array index corresponding to the item you wish to |
| 99 | fetch. For example, to fetch the session ID you will do this:: |
| 100 | |
| 101 | $session_id = $this->session->userdata('session_id'); |
| 102 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 103 | .. note:: The function returns NULL if the item you are |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 104 | trying to access does not exist. |
| 105 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 106 | If you want to retrieve all of the existing userdata, you can simply |
| 107 | omit the item key parameter:: |
| 108 | |
| 109 | $this->session->userdata(); |
| 110 | |
| 111 | /** |
| 112 | * Produces something similar to: |
| 113 | * |
| 114 | * Array |
| 115 | * ( |
| 116 | * [session_id] => 4a5a5dca22728fb0a84364eeb405b601 |
| 117 | * [ip_address] => 127.0.0.1 |
| 118 | * [user_agent] => Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; |
| 119 | * [last_activity] => 1303142623 |
| 120 | * ) |
| 121 | */ |
| 122 | |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 123 | Adding Custom Session Data |
| 124 | ========================== |
| 125 | |
| 126 | A useful aspect of the session array is that you can add your own data |
| 127 | to it and it will be stored in the user's cookie. Why would you want to |
| 128 | do this? Here's one example: |
| 129 | |
| 130 | Let's say a particular user logs into your site. Once authenticated, you |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 131 | could add their username and email address to the session, making |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 132 | that data globally available to you without having to run a database |
| 133 | query when you need it. |
| 134 | |
| 135 | To add your data to the session array involves passing an array |
| 136 | containing your new data to this function:: |
| 137 | |
| 138 | $this->session->set_userdata($array); |
| 139 | |
| 140 | Where $array is an associative array containing your new data. Here's an |
| 141 | example:: |
| 142 | |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 143 | $newdata = array( |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 144 | 'username' => 'johndoe', |
| 145 | 'email' => 'johndoe@some-site.com', |
| 146 | 'logged_in' => TRUE |
| 147 | ); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 148 | |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 149 | $this->session->set_userdata($newdata); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 150 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 151 | If you want to add userdata one value at a time, ``set_userdata()`` also |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 152 | supports this syntax. |
| 153 | |
| 154 | :: |
| 155 | |
| 156 | $this->session->set_userdata('some_name', 'some_value'); |
| 157 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 158 | If you want to verify that a userdata value exists, call ``has_userdata()``. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 159 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 160 | :: |
| 161 | |
| 162 | $this->session->has_userdata('some_name'); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 163 | |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 164 | Removing Session Data |
| 165 | ===================== |
| 166 | |
| 167 | Just as set_userdata() can be used to add information into a session, |
| 168 | unset_userdata() can be used to remove it, by passing the session key. |
| 169 | For example, if you wanted to remove 'some_name' from your session |
| 170 | information:: |
| 171 | |
| 172 | $this->session->unset_userdata('some_name'); |
| 173 | |
| 174 | |
| 175 | This function can also be passed an associative array of items to unset. |
| 176 | |
| 177 | :: |
| 178 | |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 179 | $array_items = array('username' => '', 'email' => ''); |
| 180 | |
| 181 | $this->session->unset_userdata($array_items); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 182 | |
| 183 | |
| 184 | Flashdata |
| 185 | ========= |
| 186 | |
| 187 | CodeIgniter supports "flashdata", or session data that will only be |
| 188 | available for the next server request, and are then automatically |
| 189 | cleared. These can be very useful, and are typically used for |
| 190 | informational or status messages (for example: "record 2 deleted"). |
| 191 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 192 | .. note:: Flash variables are prefaced with "flash\_" so avoid this prefix |
| 193 | in your own session names. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 194 | |
| 195 | To add flashdata:: |
| 196 | |
| 197 | $this->session->set_flashdata('item', 'value'); |
| 198 | |
| 199 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 200 | You can also pass an array to ``set_flashdata()``, in the same manner as |
| 201 | ``set_userdata()``. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 202 | |
| 203 | To read a flashdata variable:: |
| 204 | |
| 205 | $this->session->flashdata('item'); |
Johnathan Croom | 4beca5c | 2012-11-23 18:32:46 -0700 | [diff] [blame] | 206 | |
Mike Funk | 7c26fab | 2012-02-24 09:45:02 -0500 | [diff] [blame] | 207 | An array of all flashdata can be retrieved as follows:: |
| 208 | |
Andrey Andreev | ecc260e | 2014-01-24 14:20:13 +0200 | [diff] [blame] | 209 | $this->session->flashdata(); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 210 | |
| 211 | |
| 212 | If you find that you need to preserve a flashdata variable through an |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 213 | additional request, you can do so using the ``keep_flashdata()`` function. |
Johnathan Croom | 4beca5c | 2012-11-23 18:32:46 -0700 | [diff] [blame] | 214 | You can either pass a single item or an array of flashdata items to keep. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 215 | |
| 216 | :: |
| 217 | |
| 218 | $this->session->keep_flashdata('item'); |
Johnathan Croom | 4beca5c | 2012-11-23 18:32:46 -0700 | [diff] [blame] | 219 | $this->session->keep_flashdata(array('item1', 'item2', 'item3')); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 220 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 221 | .. note:: The function will return NULL if the item cannot be found. |
| 222 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 223 | Tempdata |
| 224 | ======== |
| 225 | |
| 226 | CodeIgniter also supports "tempdata", or session data with a specific |
| 227 | expiration time. After the value expires, or the session expires or is |
| 228 | deleted, the value is automatically removed. |
| 229 | |
| 230 | To add tempdata:: |
| 231 | |
| 232 | $expire = 300; // Expire in 5 minutes |
| 233 | |
| 234 | $this->session->set_tempdata('item', 'value', $expire); |
| 235 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 236 | You can also pass an array to ``set_tempdata()``:: |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 237 | |
| 238 | $tempdata = array('newuser' => TRUE, 'message' => 'Thanks for joining!'); |
| 239 | |
| 240 | $this->session->set_tempdata($tempdata, '', $expire); |
| 241 | |
| 242 | .. note:: If the expiration is omitted or set to 0, the default expiration of |
| 243 | 5 minutes will be used. |
| 244 | |
| 245 | To read a tempdata variable:: |
| 246 | |
| 247 | $this->session->tempdata('item'); |
| 248 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 249 | And of course, if you want to retrieve all existing tempdata:: |
| 250 | |
| 251 | $this->session->tempdata(); |
| 252 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 253 | If you need to remove a tempdata value before it expires, |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 254 | use ``unset_tempdata()``:: |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 255 | |
| 256 | $this->session->unset_tempdata('item'); |
| 257 | |
| 258 | Destroying a Session |
| 259 | ==================== |
| 260 | |
| 261 | To clear the current session:: |
| 262 | |
| 263 | $this->session->sess_destroy(); |
| 264 | |
| 265 | .. note:: This function should be the last one called, and even flash |
| 266 | variables will no longer be available. If you only want some items |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 267 | destroyed and not all, use ``unset_userdata()``. |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 268 | |
| 269 | Session Preferences |
| 270 | =================== |
| 271 | |
| 272 | You'll find the following Session related preferences in your |
Andrey Andreev | 2d5ebf7 | 2013-10-29 13:27:59 +0200 | [diff] [blame] | 273 | *application/config/config.php* file: |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 274 | |
| 275 | =========================== =============== =========================== ========================================================================== |
| 276 | Preference Default Options Description |
| 277 | =========================== =============== =========================== ========================================================================== |
| 278 | **sess_driver** cookie cookie/native/*custom* The initial session driver to load. |
| 279 | **sess_valid_drivers** cookie, native None Additional valid drivers which may be loaded. |
| 280 | **sess_cookie_name** ci_session None The name you want the session cookie saved as (data for Cookie driver or |
| 281 | session ID for Native driver). |
| 282 | **sess_expiration** 7200 None The number of seconds you would like the session to last. The default |
| 283 | value is 2 hours (7200 seconds). If you would like a non-expiring |
| 284 | session set the value to zero: 0 |
| 285 | **sess_expire_on_close** FALSE TRUE/FALSE (boolean) Whether to cause the session to expire automatically when the browser |
| 286 | window is closed. |
| 287 | **sess_encrypt_cookie** FALSE TRUE/FALSE (boolean) Whether to encrypt the session data (Cookie driver only). |
| 288 | **sess_use_database** FALSE TRUE/FALSE (boolean) Whether to save the session data to a database. You must create the |
| 289 | table before enabling this option (Cookie driver only). |
| 290 | **sess_table_name** ci_sessions Any valid SQL table name The name of the session database table (Cookie driver only). |
| 291 | **sess_time_to_update** 300 Time in seconds This options controls how often the session class will regenerate itself |
Andrey Andreev | 2d5ebf7 | 2013-10-29 13:27:59 +0200 | [diff] [blame] | 292 | and create a new session ID. Setting it to 0 will disable session |
| 293 | ID regeneartion. |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 294 | **sess_match_ip** FALSE TRUE/FALSE (boolean) Whether to match the user's IP address when reading the session data. |
| 295 | Note that some ISPs dynamically changes the IP, so if you want a |
| 296 | non-expiring session you will likely set this to FALSE. |
| 297 | **sess_match_useragent** TRUE TRUE/FALSE (boolean) Whether to match the User Agent when reading the session data. |
| 298 | =========================== =============== =========================== ========================================================================== |
| 299 | |
| 300 | In addition to the values above, the cookie and native drivers apply the |
| 301 | following configuration values shared by the :doc:`Input <input>` and |
| 302 | :doc:`Security <security>` classes: |
| 303 | |
| 304 | =========================== =============== ========================================================================== |
| 305 | Preference Default Description |
| 306 | =========================== =============== ========================================================================== |
| 307 | **cookie_prefix** '' Set a cookie name prefix in order to avoid name collisions |
| 308 | **cookie_domain** '' The domain for which the session is applicable |
| 309 | **cookie_path** / The path to which the session is applicable |
| 310 | =========================== =============== ========================================================================== |
| 311 | |
| 312 | Session Drivers |
| 313 | =============== |
| 314 | |
| 315 | By default, the `Cookie Driver`_ is loaded when a session is initialized. |
| 316 | However, any valid driver may be selected with the $config['sess_driver'] |
| 317 | line in your config.php file. |
| 318 | |
| 319 | The session driver library comes with the cookie and native drivers |
| 320 | installed, and `Custom Drivers`_ may also be installed by the user. |
| 321 | |
| 322 | Typically, only one driver will be used at a time, but CodeIgniter does |
| 323 | support loading multiple drivers. If a specific valid driver is called, it |
| 324 | will be automatically loaded. Or, an additional driver may be explicitly |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 325 | loaded by ``calling load_driver()``:: |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 326 | |
| 327 | $this->session->load_driver('native'); |
| 328 | |
| 329 | The Session library keeps track of the most recently selected driver to call |
| 330 | for driver methods. Normally, session class methods are called directly on |
| 331 | the parent class, as illustrated above. However, any methods called through |
| 332 | a specific driver will select that driver before invoking the parent method. |
| 333 | |
| 334 | So, alternation between multiple drivers can be achieved by specifying which |
| 335 | driver to use for each call:: |
| 336 | |
| 337 | $this->session->native->set_userdata('foo', 'bar'); |
| 338 | |
| 339 | $this->session->cookie->userdata('foo'); |
| 340 | |
| 341 | $this->session->native->unset_userdata('foo'); |
| 342 | |
| 343 | Notice in the previous example that the *native* userdata value 'foo' |
| 344 | would be set to 'bar', which would NOT be returned by the call for |
| 345 | the *cookie* userdata 'foo', nor would the *cookie* value be unset by |
| 346 | the call to unset the *native* 'foo' value. The drivers maintain independent |
| 347 | sets of values, regardless of key names. |
| 348 | |
| 349 | A specific driver may also be explicitly selected for use by pursuant |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 350 | methods with the ``select_driver()`` call:: |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 351 | |
| 352 | $this->session->select_driver('native'); |
| 353 | |
| 354 | $this->session->userdata('item'); // Uses the native driver |
| 355 | |
| 356 | Cookie Driver |
| 357 | ------------- |
| 358 | |
| 359 | The Cookie driver stores session information for each user as serialized |
| 360 | (and optionally encrypted) data in a cookie. It can also store the session |
| 361 | data in a database table for added security, as this permits the session ID |
| 362 | in the user's cookie to be matched against the stored session ID. By default |
| 363 | only the cookie is saved. If you choose to use the database option you'll |
| 364 | need to create the session table as indicated below. |
| 365 | |
| 366 | If you have the encryption option enabled, the serialized array will be |
| 367 | encrypted before being stored in the cookie, making the data highly |
| 368 | secure and impervious to being read or altered by someone. More info |
| 369 | regarding encryption can be :doc:`found here <encryption>`, although |
| 370 | the Session class will take care of initializing and encrypting the data |
| 371 | automatically. |
| 372 | |
| 373 | .. note:: Even if you are not using encrypted sessions, you must set |
| 374 | an :doc:`encryption key <./encryption>` in your config file which is used |
| 375 | to aid in preventing session data manipulation. |
| 376 | |
| 377 | .. note:: Cookies can only hold 4KB of data, so be careful not to exceed |
| 378 | the capacity. The encryption process in particular produces a longer |
| 379 | data string than the original so keep careful track of how much data you |
| 380 | are storing. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 381 | |
| 382 | Saving Session Data to a Database |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 383 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 384 | |
| 385 | While the session data array stored in the user's cookie contains a |
| 386 | Session ID, unless you store session data in a database there is no way |
| 387 | to validate it. For some applications that require little or no |
| 388 | security, session ID validation may not be needed, but if your |
| 389 | application requires security, validation is mandatory. Otherwise, an |
| 390 | old session could be restored by a user modifying their cookies. |
| 391 | |
| 392 | When session data is available in a database, every time a valid session |
| 393 | is found in the user's cookie, a database query is performed to match |
| 394 | it. If the session ID does not match, the session is destroyed. Session |
| 395 | IDs can never be updated, they can only be generated when a new session |
| 396 | is created. |
| 397 | |
| 398 | In order to store sessions, you must first create a database table for |
| 399 | this purpose. Here is the basic prototype (for MySQL) required by the |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 400 | session class:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 401 | |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 402 | CREATE TABLE IF NOT EXISTS `ci_sessions` ( |
| 403 | session_id varchar(40) DEFAULT '0' NOT NULL, |
Andrey Andreev | 5a25718 | 2012-06-10 06:18:14 +0300 | [diff] [blame] | 404 | ip_address varchar(45) DEFAULT '0' NOT NULL, |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 405 | user_agent varchar(120) NOT NULL, |
| 406 | last_activity int(10) unsigned DEFAULT 0 NOT NULL, |
| 407 | user_data text NOT NULL, |
Andrey Andreev | e2afc88 | 2012-11-01 01:35:34 +0200 | [diff] [blame] | 408 | PRIMARY KEY (session_id, ip_address, user_agent), |
Derek Jones | 4b83d91 | 2011-10-05 15:42:30 -0500 | [diff] [blame] | 409 | KEY `last_activity_idx` (`last_activity`) |
| 410 | ); |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 411 | |
Andrey Andreev | 69e1b4f | 2014-01-07 17:29:25 +0200 | [diff] [blame] | 412 | Or if you're using PostgreSQL:: |
| 413 | |
| 414 | CREATE TABLE ci_sessions ( |
| 415 | session_id varchar(40) DEFAULT '0' NOT NULL, |
| 416 | ip_address varchar(45) DEFAULT '0' NOT NULL, |
| 417 | user_agent varchar(120) NOT NULL, |
| 418 | last_activity bigint DEFAULT 0 NOT NULL, |
| 419 | user_data text NOT NULL, |
| 420 | PRIMARY KEY (session_id) |
| 421 | ); |
| 422 | |
| 423 | CREATE INDEX last_activity_idx ON ci_sessions(last_activity); |
| 424 | |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 425 | .. note:: By default the table is called ci_sessions, but you can name |
| 426 | it anything you want as long as you update the |
Andrey Andreev | 69e1b4f | 2014-01-07 17:29:25 +0200 | [diff] [blame] | 427 | *application/config/config.php* file so that it contains the name |
| 428 | you have chosen. Once you have created your database table you |
| 429 | can enable the database option in your config.php file as follows:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 430 | |
| 431 | $config['sess_use_database'] = TRUE; |
| 432 | |
| 433 | Once enabled, the Session class will store session data in the DB. |
| 434 | |
| 435 | Make sure you've specified the table name in your config file as well:: |
| 436 | |
| 437 | $config['sess_table_name'] = 'ci_sessions'; |
| 438 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 439 | .. note:: The Cookie driver has built-in garbage collection which clears |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 440 | out expired sessions so you do not need to write your own routine to do |
| 441 | it. |
| 442 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 443 | Native Driver |
| 444 | ------------- |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 445 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 446 | The Native driver relies on native PHP sessions to store data in the |
| 447 | $_SESSION superglobal array. All stored values continue to be available |
| 448 | through $_SESSION, but flash- and temp- data items carry special prefixes. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 449 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 450 | Custom Drivers |
| 451 | -------------- |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 452 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 453 | You may also :doc:`create your own <../general/creating_drivers>` custom |
| 454 | session drivers. A session driver basically manages an array of name/value |
| 455 | pairs with some sort of storage mechanism. |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 456 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 457 | To make a new driver, extend CI_Session_driver. Overload the ``initialize()`` |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 458 | method and read or create session data. Then implement a save handler to |
| 459 | write changed data to storage (sess_save), a destroy handler to remove |
dchill42 | b3816b7 | 2012-08-13 09:47:58 -0400 | [diff] [blame] | 460 | deleted data (sess_destroy), a regenerate handler to make a new session ID |
| 461 | (sess_regenerate), and an access handler to expose the data (get_userdata). |
| 462 | Your initial class might look like:: |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 463 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 464 | class CI_Session_custom extends CI_Session_driver { |
Andrey Andreev | b57b2ad | 2014-01-03 12:02:08 +0200 | [diff] [blame] | 465 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 466 | protected function initialize() |
| 467 | { |
| 468 | // Read existing session data or create a new one |
| 469 | } |
Derek Jones | 8ede1a2 | 2011-10-05 13:34:52 -0500 | [diff] [blame] | 470 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 471 | public function sess_save() |
| 472 | { |
| 473 | // Save current data to storage |
| 474 | } |
| 475 | |
| 476 | public function sess_destroy() |
| 477 | { |
| 478 | // Destroy the current session and clean up storage |
| 479 | } |
| 480 | |
| 481 | public function sess_regenerate() |
| 482 | { |
| 483 | // Create new session ID |
| 484 | } |
| 485 | |
| 486 | public function &get_userdata() |
| 487 | { |
| 488 | // Return a reference to your userdata array |
| 489 | } |
Andrey Andreev | b57b2ad | 2014-01-03 12:02:08 +0200 | [diff] [blame] | 490 | |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 491 | } |
| 492 | |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 493 | Notice that ``get_userdata()`` returns a reference so the parent library is |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 494 | accessing the same array the driver object is using. This saves memory |
| 495 | and avoids synchronization issues during usage. |
| 496 | |
| 497 | Put your driver in the libraries/Session/drivers folder anywhere in your |
| 498 | package paths. This includes the application directory, the system directory, |
Michael | 5d4131b | 2013-09-30 12:22:29 +0300 | [diff] [blame] | 499 | or any path you add with ``$CI->load->add_package_path()``. Your driver must be |
dchill42 | 3169f26 | 2012-08-11 20:12:05 -0400 | [diff] [blame] | 500 | named CI_Session_<name>, and your filename must be Session_<name>.php, |
| 501 | preferably also capitalized, such as:: |
| 502 | |
| 503 | CI_Session_foo in libraries/Session/drivers/Session_foo.php |
| 504 | |
| 505 | Then specify the driver by setting 'sess_driver' in your config.php file or as a |
| 506 | parameter when loading the CI_Session object:: |
| 507 | |
| 508 | $config['sess_driver'] = 'foo'; |
| 509 | |
| 510 | OR:: |
| 511 | |
| 512 | $CI->load->driver('session', array('sess_driver' => 'foo')); |
| 513 | |
| 514 | The driver specified by 'sess_driver' is automatically included as a valid |
| 515 | driver. However, if you want to make a custom driver available as an option |
| 516 | without making it the initially loaded driver, set 'sess_valid_drivers' in |
| 517 | your config.php file to an array including your driver name:: |
| 518 | |
| 519 | $config['sess_valid_drivers'] = array('sess_driver'); |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 520 | |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 521 | *************** |
| 522 | Class Reference |
| 523 | *************** |
| 524 | |
| 525 | .. class:: CI_Session |
| 526 | |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 527 | .. method:: load_driver($driver) |
| 528 | |
| 529 | :param string $driver: Driver name |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 530 | :returns: object |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 531 | |
| 532 | Loads a session storage driver |
| 533 | |
| 534 | .. method:: select_driver($driver) |
| 535 | |
| 536 | :param string $driver: Driver name |
| 537 | :returns: void |
| 538 | |
| 539 | Selects default session storage driver. |
| 540 | |
| 541 | .. method:: sess_destroy() |
| 542 | |
| 543 | Destroys current session |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 544 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 545 | .. note:: This method should be the last one called, and even flash |
| 546 | variables will no longer be available after it is used. |
Connor Tumbleson | 75b3fb2 | 2014-01-11 06:58:43 -0600 | [diff] [blame] | 547 | If you only want some items destroyed and not all, use |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 548 | ``unset_userdata()``. |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 549 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 550 | .. method:: sess_regenerate([$destroy = FALSE]) |
| 551 | |
| 552 | :param bool $destroy: Whether to destroy session data |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 553 | :returns: void |
| 554 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 555 | Regenerate the current session data. |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 556 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 557 | .. method:: userdata([$item = NULL]) |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 558 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 559 | :param string $item: Session item name |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 560 | :returns: mixed |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 561 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 562 | If no parameter is passed, it will return an associative array of all existing userdata. |
| 563 | |
| 564 | Otherwise returns a string containing the value of the passed item or NULL if the item is not found. |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 565 | Example:: |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 566 | |
| 567 | $this->session->userdata('user'); |
| 568 | //returns example@example.com considering the set_userdata example. |
| 569 | |
| 570 | .. method:: all_userdata() |
| 571 | |
| 572 | :returns: array |
| 573 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 574 | Returns an array with all of the session userdata items. |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 575 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 576 | .. note:: This method is DEPRECATED. Use ``userdata()`` with no parameters instead. |
| 577 | |
| 578 | .. method:: &get_userdata() |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 579 | |
| 580 | :returns: array |
| 581 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 582 | Returns a reference to the userdata array. |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 583 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 584 | .. method:: set_userdata($newdata[, $newval = '']) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 585 | |
| 586 | :param mixed $newdata: Item name or array of items |
| 587 | :param mixed $newval: Item value or empty string (not required if $newdata is array) |
| 588 | :returns: void |
| 589 | |
| 590 | Sets items into session example usages:: |
| 591 | |
| 592 | $this->session->set_userdata('user', 'example@example.com'); |
| 593 | // adds item user with value example@example.com to the session |
| 594 | |
| 595 | $this->session->set_userdata(array('user'=>'example@example.com')); |
| 596 | // does the same as the above example - adds item user with value example@example.com to the session |
| 597 | |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 598 | .. method:: unset_userdata($item) |
| 599 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 600 | :param mixed $item: Item name or an array containing multiple items |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 601 | :returns: void |
| 602 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 603 | Unsets previously set items from the session. Example:: |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 604 | |
| 605 | $this->session->unset_userdata('user'); |
| 606 | //unsets 'user' from session data. |
| 607 | |
| 608 | $this->session->unset_userdata(array('user', 'useremail')); |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 609 | //unsets both 'user' and 'useremail' from the session data. |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 610 | |
| 611 | .. method:: has_userdata($item) |
| 612 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 613 | :param string $item: Item name |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 614 | :returns: bool |
| 615 | |
| 616 | Checks if an item exists in the session. |
| 617 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 618 | .. method:: flashdata([$item = NULL]) |
| 619 | |
| 620 | :param string $item: Flashdata item name |
| 621 | :returns: mixed |
| 622 | |
| 623 | If no parameter is passed, it will return an associative array of all existing flashdata. |
| 624 | |
| 625 | Otherwise returns a string containing the value of the passed item or NULL if the item is not found. |
| 626 | Example:: |
| 627 | |
| 628 | $this->session->flashdata('message'); |
| 629 | //returns 'Test message.' considering the set_flashdata example. |
| 630 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 631 | .. method:: set_flashdata($newdata[, $newval = '']) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 632 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 633 | :param mixed $newdata: Item name or an array of items |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 634 | :param mixed $newval: Item value or empty string (not required if $newdata is array) |
| 635 | :returns: void |
| 636 | |
| 637 | Sets items into session flashdata example usages:: |
| 638 | |
| 639 | $this->session->set_flashdata('message', 'Test message.'); |
| 640 | // adds item 'message' with value 'Test message.' to the session flashdata |
| 641 | |
| 642 | $this->session->set_flashdata(array('message'=>'Test message.')); |
| 643 | // does the same as the above example - adds item 'message' with value 'Test message.' |
| 644 | to the session flashdata |
| 645 | |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 646 | .. method:: keep_flashdata($item) |
| 647 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 648 | :param mixed $item: Item name or an array containing multiple flashdata items |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 649 | :returns: void |
| 650 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 651 | Keeps items into flashdata for one more request. |
Michael | e0a631c | 2013-10-20 10:40:51 +0300 | [diff] [blame] | 652 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 653 | .. method:: tempdata([$item = NULL]) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 654 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 655 | :param string $item: Tempdata item name |
| 656 | :returns: mixed |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 657 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 658 | If no parameter is passed, it will return an associative array of all existing tempdata. |
| 659 | |
| 660 | Otherwise returns a string containing the value of the passed item or NULL if the item is not found. |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 661 | Example:: |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 662 | |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 663 | $this->session->tempdata('message'); |
| 664 | //returns 'Test message.' considering the set_tempdata example. |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 665 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 666 | .. method:: set_tempdata($newdata[, $newval = ''[, $expire = 0]]) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 667 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 668 | :param mixed $newdata: Item name or array containing multiple items |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 669 | :param string $newval: Item value or empty string (not required if $newdata is array) |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 670 | :param int $expire: Lifetime in seconds (0 for default) |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 671 | :returns: void |
| 672 | |
| 673 | Sets items into session tempdata example:: |
| 674 | |
| 675 | $this->session->set_tempdata('message', 'Test message.', '60'); |
| 676 | // adds item 'message' with value 'Test message.' to the session tempdata for 60 seconds |
| 677 | |
| 678 | $this->session->set_tempdata(array('message'=>'Test message.')); |
| 679 | // does the same as the above example - adds item 'message' with value 'Test message.' |
| 680 | to the session tempdata for the default value of |
| 681 | |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 682 | .. method:: unset_tempdata($item) |
| 683 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 684 | :param mixed $item: Item name or an array containing multiple items |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 685 | :returns: void |
| 686 | |
Andrey Andreev | 1ee5a99 | 2014-01-06 13:08:47 +0200 | [diff] [blame] | 687 | Unsets previously set items from tempdata. Example:: |
Michael | 1c7438f | 2013-10-06 15:21:21 +0300 | [diff] [blame] | 688 | |
| 689 | $this->session->unset_tempdata('user'); |
| 690 | //unsets 'user' from tempdata. |
| 691 | |
| 692 | $this->session->unset_tempdata(array('user', 'useremail')); |
Andrey Andreev | 8b9dd22 | 2014-01-24 14:41:22 +0200 | [diff] [blame] | 693 | //unsets both 'user' and 'useremail' from the tempdata. |