Menu
I've read about how CI handles sessions differently than native sessions and feel slightly insecure about storing all the data in a cookie(?), unlike PHP's native session which only stores the session ID(?). So I've decided to use native sessions without the CI native_session library.
Now, I know that the Input Class in CI validates Isset with a true/false statement like this:
if ($this->input->post('something'))
which renders the Isset function unable to work (it gives an error). However, I'd like to check my native sessions with the Isset function, so how can I do this? I've tried
if (isset($_SESSION['keyHere']))
which gives me an error.
So to sum up: I want to use Isset on my session array as I feel using
if ($_SESSION['keyHere'])
without the Isset might be 'dangerous/foolish'.
Also, as a last question I'm curious about which session handling you think is safest? CI's Session Class or PHP's native handling with server-side storage etc.? I'd very much like to feel as safe as possible when it comes to sessions, no matter if it means I'll have to write longer code.
485
Ok so, lets talk about the problem that you're having with isset! i agree to all answers behind, the empty function its an good try, using array_key_exists too, but isset have your own place on php language.
At first you didn't post the error taht you're getting, bu as @GolezTrol saidyou're probally having trouble with session_start().
You need to put it on the top of the page, before any scripts. I would put this code before all scripts, and the best place to put it its inside the config/config.php page, at the start of it, or maybe on the root index.php
Using it, you will starting the session on all pages of your system. Well, about your second question.
I think the session native of PHP its really secure, but the session of Codeigniter it's really nice too.
Codeigniter has some problems with the security, when we talk about cookies, if we are handling with important data of system, its hard to work with it, especially if someone else could edit it, thinking about all of it that i describe above, i could say that Codeigniter has a good seession library, even if we are working with important data.
If you don't believe on the security of cookie, just put on database, and you will have any trouble with it. The good thing its the ability and the facility to work with this class on everyplace of the system!
Actually i'm using the way of database, and i suggest it.
99
I would use array_key_exists instead of isset. isset also checks if the value is not null, so an array with an existing key but a value of null will still return false. You know it is an array and you want to check if a key exists, so it makes the most sense to use array_key_exists.
But that's not the problem. :D
I think you need to call session_start() first.
PHP's native session handling performs just fine as long as you are on a single webserver.
31
$data=$this->session->userdata("session variable");
if($data)
{
// do something
}
use this in your CI code files. it works for me all the time !
1
$logindata = $this->session->userdata('username');
if ($logindata !== FALSE)
{
//it exists
}
might help!
1
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
