| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
| 2 | <html>
|
| 3 | <head>
|
| 4 |
|
| 5 | <title>Code Igniter User Guide</title>
|
| 6 |
|
| 7 | <style type='text/css' media='all'>@import url('../userguide.css');</style>
|
| 8 | <link rel='stylesheet' type='text/css' media='all' href='../userguide.css' />
|
| 9 |
|
| admin | 17a890d | 2006-09-27 20:42:42 +0000 | [diff] [blame] | 10 | <script type="text/javascript" src="../nav/nav.js"></script>
|
| admin | 2296fc3 | 2006-09-27 21:07:02 +0000 | [diff] [blame] | 11 | <script type="text/javascript" src="../nav/prototype.lite.js"></script>
|
| admin | 17a890d | 2006-09-27 20:42:42 +0000 | [diff] [blame] | 12 | <script type="text/javascript" src="../nav/moo.fx.js"></script>
|
| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 13 | <script type="text/javascript">
|
| 14 | window.onload = function() {
|
| 15 | myHeight = new fx.Height('nav', {duration: 400});
|
| 16 | myHeight.hide();
|
| 17 | }
|
| 18 | </script>
|
| 19 |
|
| 20 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
| 21 | <meta http-equiv='expires' content='-1' />
|
| 22 | <meta http-equiv= 'pragma' content='no-cache' />
|
| 23 | <meta name='robots' content='all' />
|
| 24 | <meta name='author' content='Rick Ellis' />
|
| 25 | <meta name='description' content='Code Igniter User Guide' />
|
| 26 |
|
| 27 | </head>
|
| 28 | <body>
|
| 29 |
|
| 30 | <!-- START NAVIGATION -->
|
| 31 | <div id="nav"><div id="nav_inner"><script type="text/javascript">create_menu('../');</script></div></div>
|
| 32 | <div id="nav2"><a name="top"></a><a href="javascript:void(0);" onclick="myHeight.toggle();"><img src="../images/nav_toggle.jpg" width="153" height="44" border="0" title="Toggle Table of Contents" alt="Toggle Table of Contents" /></a></div>
|
| 33 | <div id="masthead">
|
| 34 | <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
|
| 35 | <tr>
|
| admin | 10c3f41 | 2006-10-08 07:21:12 +0000 | [diff] [blame] | 36 | <td><h1>Code Igniter User Guide Version 1.5.0b1</h1></td>
|
| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 37 | <td id="breadcrumb_right"><a href="../toc.html">Full Table of Contents</a></td>
|
| 38 | </tr>
|
| 39 | </table>
|
| 40 | </div>
|
| 41 | <!-- END NAVIGATION -->
|
| 42 |
|
| 43 |
|
| 44 | <!-- START BREADCRUMB -->
|
| 45 | <table cellpadding="0" cellspacing="0" border="0" style="width:100%">
|
| 46 | <tr>
|
| 47 | <td id="breadcrumb">
|
| 48 | <a href="http://www.codeigniter.com/">Code Igniter Home</a> ›
|
| 49 | <a href="../index.html">User Guide Home</a> ›
|
| 50 | Session Class
|
| 51 | </td>
|
| 52 | <td id="searchbox"><form method="get" action="http://www.google.com/search"><input type="hidden" name="as_sitesearch" id="as_sitesearch" value="www.codeigniter.com/user_guide/" />Search User Guide <input type="text" class="input" style="width:200px;" name="q" id="q" size="31" maxlength="255" value="" /> <input type="submit" class="submit" name="sa" value="Go" /></form></td>
|
| 53 | </tr>
|
| 54 | </table>
|
| 55 | <!-- END BREADCRUMB -->
|
| 56 |
|
| 57 | <br clear="all" />
|
| 58 |
|
| 59 |
|
| 60 | <!-- START CONTENT -->
|
| 61 | <div id="content">
|
| 62 |
|
| 63 |
|
| 64 | <h1>Session Class</h1>
|
| 65 |
|
| 66 | <p>The Session class permits you maintain a user's "state" and track their activity while they browse your site.
|
| 67 | The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie.
|
| 68 | It can also store the session data in a database table for added security, as this permits the session ID in the
|
| 69 | user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to
|
| 70 | use the database option you'll need to create the session table as indicated below.
|
| 71 | </p>
|
| 72 |
|
| 73 | <p class="important"><strong>Note:</strong> The Session class does <strong>not</strong> utilize native PHP sessions. It
|
| 74 | generates its own session data, offering more flexibility for developers.</p>
|
| 75 |
|
| 76 | <h2>Initializing a Session</h2>
|
| 77 |
|
| 78 | <p>Sessions will typically run globally with each page load, so the session class must either be
|
| 79 | <a href="../general/libraries.html">initialized</a> in your
|
| 80 | <a href="../general/controllers.html">controller</a> constructors, or it can be
|
| 81 | <a href="../general/autoloader.html">auto-loaded</a> by the system.
|
| 82 | For the most part the session class will run unattended in the background, so simply initializing the class
|
| 83 | will cause it to read, create, and update sessions.</p>
|
| 84 |
|
| 85 |
|
| 86 | <p>To initialize the Session class manually in your controller constructor, use the <dfn>$this->load->library</dfn> function:</p>
|
| 87 |
|
| 88 | <code>$this->load->library('session');</code>
|
| 89 | <p>Once loaded, the Sessions library object will be available using: <dfn>$this->session</dfn></p>
|
| admin | b1fddc0 | 2006-10-09 21:29:07 +0000 | [diff] [blame^] | 90 | <p>You can also set your own class variable name. Please see the <a href="loader.html">Loader Class</a> for more info.</p>
|
| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 91 |
|
| 92 |
|
| 93 | <h2>How do Sessions work?</h2>
|
| 94 |
|
| 95 | <p>When a page is loaded, the session class will check to see if valid session data exists in the user's session cookie.
|
| 96 | If sessions data does <strong>not</strong> exist (or if it has expired) a new session will be created and saved in the cookie.
|
| 97 | If a session does exist, its information will be updated and the cookie will be updated.</p>
|
| 98 |
|
| 99 | <p>It's important for you to understand that once initialized, the Session class runs automatically. There is nothing
|
| 100 | you need to do to cause the above behavior to happen. You can, as you'll see below, work with session data or
|
| 101 | even add your own data to a user's session, but the process of reading, writing, and updating a session is automatic.</p>
|
| 102 |
|
| 103 |
|
| 104 | <h2>What is Session Data?</h2>
|
| 105 |
|
| 106 | <p>A <em>session</em>, as far as Code Igniter is concerned, is simply an array containing the following information:</p>
|
| 107 |
|
| 108 | <ul>
|
| 109 | <li>The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability)</li>
|
| 110 | <li>The user's IP Address</li>
|
| 111 | <li>The user's User Agent data (the first 50 characters of the browser data string)</li>
|
| 112 | <li>The "last activity" and "last visit" time stamps.</li>
|
| 113 | </ul>
|
| 114 |
|
| 115 | <p>The above data is stored in a cookie as a serialized array with this prototype:</p>
|
| 116 |
|
| 117 | <code>[array]<br />
|
| 118 | (<br />
|
| 119 | 'session_id' => random hash,<br />
|
| 120 | 'ip_address' => 'string - user IP address',<br />
|
| 121 | 'user_agent' => 'string - user agent data',<br />
|
| 122 | 'last_activity' => timestamp,<br />
|
| 123 | 'last_visit' => timestamp<br />
|
| 124 | )</code>
|
| 125 |
|
| 126 | <p>If you have the encryption option enabled, the serialized array will be encrypted before being stored in the cookie,
|
| 127 | making the data highly secure and impervious to being read or altered by someone. More info regarding encryption
|
| 128 | can be <a href="encryption.html">found here</a>, although the Session class will take care of initializing
|
| 129 | and encrypting the data automatically.</p>
|
| 130 |
|
| 131 | <p>Note: Session cookies are only updated every five minutes to reduce processor load. If you repeatedly reload a page
|
| 132 | you'll notice that the "last activity" time only updates if five minutes or more has passed since the last time
|
| 133 | the cookie was written.</p>
|
| 134 |
|
| 135 | <h2>Retrieving Session Data</h2>
|
| 136 |
|
| 137 | <p>Any piece of information from the session array is available using the following function:</p>
|
| 138 |
|
| 139 | <code>$this->session->userdata('<samp>item</samp>');</code>
|
| 140 |
|
| 141 | <p>Where <samp>item</samp> is the array index corresponding to the item you wish to fetch. For example, to fetch the session ID you
|
| 142 | will do this:</p>
|
| 143 |
|
| 144 | <code>$session_id = $this->session->userdata('<samp>session_id</samp>');</code>
|
| 145 |
|
| 146 | <p><strong>Note:</strong> The function returns FALSE (boolean) if the item you are trying to access does not exist.</p>
|
| 147 |
|
| 148 |
|
| 149 | <h2>Adding Custom Session Data</h2>
|
| 150 |
|
| 151 | <p>A useful aspect of the session array is that you can add your own data to it and it will be stored in the user's cookie.
|
| 152 | Why would you want to do this? Here's one example:</p>
|
| 153 |
|
| 154 | <p>Let's say a particular user logs into your site. Once authenticated,
|
| 155 | you could add their username and email address to the session cookie, making that data globally available to you without
|
| 156 | having to run a database query when you need it.</p>
|
| 157 |
|
| 158 | <p>To add your data to the session array involves passing an array containing your new data to this function:</p>
|
| 159 |
|
| 160 | <code>$this->session->set_userdata(<samp>$array</samp>);</code>
|
| 161 |
|
| 162 | <p>Where <samp>$array</samp> is an associative array containing your new data. Here's an example:</p>
|
| 163 |
|
| 164 |
|
| 165 | <code>$newdata = array(<br />
|
| 166 | 'username' => 'johndoe',<br />
|
| 167 | 'email' => 'johndoe@some-site.com',<br />
|
| 168 | 'logged_in' => TRUE<br />
|
| 169 | );<br />
|
| 170 | <br />
|
| 171 | $this->session->set_userdata(<samp>$newdata</samp>);</code>
|
| 172 |
|
| 173 | <p class="important"><strong>Note:</strong> Cookies can only hold 4KB of data, so be careful not to exceed the capacity. The
|
| 174 | encryption process in particular produces a longer data string than the original so keep careful track of how much data you are storing.</p>
|
| 175 |
|
| 176 | <h2>Saving Session Data to a Database</h2>
|
| 177 |
|
| 178 | <p>While the session data array stored in the user's cookie contains a Session ID,
|
| 179 | unless you store session data in a database there is no way to validate it. For some applications that require little or no
|
| 180 | security, session ID validation may not be needed, but if your application requires security, validation is mandatory.</p>
|
| 181 |
|
| 182 | <p>When session data is available in a database, every time a valid session is found in the user's cookie, a database
|
| 183 | query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never
|
| 184 | be updated, they can only be generated when a new session is created.</p>
|
| 185 |
|
| 186 | <p>In order to store sessions, you must first create a database table for this purpose. Here is the basic
|
| admin | 990e3c6 | 2006-09-17 18:47:00 +0000 | [diff] [blame] | 187 | prototype (for MySQL) required by the session class:</p>
|
| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 188 |
|
| 189 | <textarea class="textarea" style="width:100%" cols="50" rows="8">
|
| 190 | CREATE TABLE IF NOT EXISTS `ci_sessions` (
|
| 191 | session_id varchar(40) DEFAULT '0' NOT NULL,
|
| 192 | ip_address varchar(16) DEFAULT '0' NOT NULL,
|
| 193 | user_agent varchar(50) NOT NULL,
|
| 194 | last_activity int(10) unsigned DEFAULT 0 NOT NULL,
|
| 195 | PRIMARY KEY (session_id)
|
| 196 | );</textarea>
|
| 197 |
|
| 198 | <p><strong>Note:</strong> By default the table is called <dfn>ci_sessions</dfn>, but you can name it anything you want
|
| 199 | as long as you update the <kbd>application/config/config.php</kbd> file so that it contains the name you have chosen.
|
| 200 | Once you have created your database table you can enable the database option in your config.php file as follows:</p>
|
| 201 |
|
| 202 | <code>$config['sess_use_database'] = TRUE;</code>
|
| 203 |
|
| 204 | <p>Once enabled, the Session class will store session data in the DB.</p>
|
| 205 |
|
| admin | 990e3c6 | 2006-09-17 18:47:00 +0000 | [diff] [blame] | 206 | <p>Make sure you've specified the table name in your config file as well:</p>
|
| 207 |
|
| 208 | <code>$config['sess_table_name'] = 'ci_sessions";</code>
|
| 209 |
|
| 210 | <p class="important"><strong>Note:</strong> The Session class has built-in garbage collection which clears out expired sessions so you
|
| 211 | do not need to write your own routine to do it.</p>
|
| 212 |
|
| 213 |
|
| admin | b0dd10f | 2006-08-25 17:25:49 +0000 | [diff] [blame] | 214 | <h2>Session Preferences</h2>
|
| 215 |
|
| 216 | <p>You'll find the following Session related preferences in your <kbd>application/config/config.php</kbd> file:</p>
|
| 217 |
|
| 218 |
|
| 219 | <table cellpadding="0" cellspacing="1" border="0" style="width:100%" class="tableborder">
|
| 220 | <tr>
|
| 221 | <th>Preference</th>
|
| 222 | <th>Default</th>
|
| 223 | <th>Options</th>
|
| 224 | <th>Description</th>
|
| 225 |
|
| 226 | </tr><tr>
|
| 227 | <td class="td"><strong>sess_cookie_name</strong></td>
|
| 228 | <td class="td">ci_session</td
|
| 229 | ><td class="td">None</td>
|
| 230 | <td class="td">The name you world the session cookie saved as.</td>
|
| 231 |
|
| 232 | </tr><tr>
|
| 233 | <td class="td"><strong>sess_expiration</strong></td>
|
| 234 | <td class="td">7200</td>
|
| 235 | <td class="td">None</td>
|
| 236 | <td class="td">The number of seconds you would like the session to last. The default value is 2 hours (7200 seconds).
|
| 237 | If you would like a non-expiring session set the value to zero: 0</td>
|
| 238 |
|
| 239 |
|
| 240 | </tr><tr>
|
| 241 | <td class="td"><strong>sess_encrypt_cookie</strong></td>
|
| 242 | <td class="td">TRUE</td>
|
| 243 | <td class="td">TRUE/FALSE (boolean)</td>
|
| 244 | <td class="td">Whether to encrypt the session data.</td>
|
| 245 |
|
| 246 | </tr><tr>
|
| 247 | <td class="td"><strong>sess_use_database</strong></td>
|
| 248 | <td class="td">FALSE</td>
|
| 249 | <td class="td">TRUE/FALSE (boolean)</td>
|
| 250 | <td class="td">Whether to save the session data to a database. You must create the table before enabling this option.</td>
|
| 251 |
|
| 252 | </tr><tr>
|
| 253 | <td class="td"><strong>sess_table_name</strong></td>
|
| 254 | <td class="td">ci_sessions</td
|
| 255 | ><td class="td">Any valid SQL table name</td>
|
| 256 | <td class="td">The name of the session database table.</td>
|
| 257 |
|
| 258 | </tr><tr>
|
| 259 | <td class="td"><strong>sess_match_ip</strong></td>
|
| 260 | <td class="td">FALSE</td>
|
| 261 | <td class="td">TRUE/FALSE (boolean)</td>
|
| 262 | <td class="td">Whether to match the user's IP address when reading the session data. Note that some ISPs dynamically
|
| 263 | changes the IP, so if you want a non-expiring session you will likely set this to FALSE.</td>
|
| 264 |
|
| 265 | </tr><tr>
|
| 266 | <td class="td"><strong>sess_match_useragent</strong></td>
|
| 267 | <td class="td">TRUE</td>
|
| 268 | <td class="td">TRUE/FALSE (boolean)</td>
|
| 269 | <td class="td">Whether to match the User Agent when reading the session data.</td>
|
| 270 |
|
| 271 |
|
| 272 | </tr>
|
| 273 | </table>
|
| 274 |
|
| 275 |
|
| 276 | </div>
|
| 277 | <!-- END CONTENT -->
|
| 278 |
|
| 279 |
|
| 280 | <div id="footer">
|
| 281 | <p>
|
| 282 | Previous Topic: <a href="pagination.html">Pagination Class</a>
|
| 283 | ·
|
| 284 | <a href="#top">Top of Page</a> ·
|
| 285 | <a href="../index.html">User Guide Home</a> ·
|
| 286 | Next Topic: <a href="trackback.html">Trackback Class</a>
|
| 287 | <p>
|
| 288 | <p><a href="http://www.codeigniter.com">Code Igniter</a> · Copyright © 2006 · <a href="http://www.pmachine.com">pMachine, Inc.</a></p>
|
| 289 | </div>
|
| 290 |
|
| 291 | </body>
|
| 292 | </html> |