Managing CodeIgniter sessions in mysql – Part 2
[avatar user=”extradrm” size=”thumbnail” align=”left”]
For some more complex applications that require little security via login panel, we need to manage codeigniter sessions in the database. Otherwise, an old session could be restored by a user modifying their cookies.
When session data is available in a database, every time a valid session is found in the user’s cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.
Update the file application/config/database.php in your CodeIgniter installation with your database info:
$db['default']['hostname'] = 'localhost'; $db['default']['username'] = 'yourdbusername'; $db['default']['password'] = 'yourdbpassword'; $db['default']['database'] = 'yourdbname';
In order to store sessions, you must first create a database table for this purpose. Here is the basic prototype (for MySQL) required by the session class :
CREATE TABLE IF NOT EXISTS `ci_sessions` ( session_id varchar(40) DEFAULT '0' NOT NULL, ip_address varchar(45) DEFAULT '0' NOT NULL, user_agent varchar(120) NOT NULL, last_activity int(10) unsigned DEFAULT 0 NOT NULL, user_data text NOT NULL, PRIMARY KEY (session_id), KEY `last_activity_idx` (`last_activity`) );
Note: By default the table is called ci_sessions, but you can name it anything you want as long as you update the application/config/config.php file so that it contains the name you have chosen. Once you have created your database table you can enable the database option in your config.php file as follows:
$config['sess_use_database'] = TRUE;
Once enabled, the Session class will store session data in the DB.
Make sure you’ve specified the table name in your config file as well:
$config['sess_table_name'] = 'ci_sessions';
In the file application/config/autoload.php you can configure the default libraries you want to load in all your controllers. For our case, we’ll load the database and session libraries, since we want to handle user sessions :
$autoload['libraries'] = array('database','session');
and also the URL helper for internal link generation :
$autoload['helper'] = array('url');
Even if you are not using encrypted sessions, you must set an encryption key in your config file which is used to aid in preventing session data manipulation.
To save your key to your application/config/config.php, open the file and set:
$config['encryption_key'] = "VERY LONG RANDOM KEY";
For example :
$config['encryption_key'] = "12?*RrfgysyuEssssZ90";
To read Part 3, on simple login tutorial with codeIgniter click Here (coming soon).