system/libraries/Session.php
The CI Session class (CI_Session) is implemented on top of the browser's cookies. If cookies are disabled, the session will not be available. People online also report that CI sessions are sometimes lost for no apparent reason, so let's look at the code directly; that makes more sense than guessing.
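/**
 * Fetch the current session data if it exists
 *
 * Reads the session cookie, verifies it (decrypts it, or checks the trailing
 * MD5 digest when cookie encryption is off), unserializes it, and validates
 * the format, expiry, IP address and user agent. When database sessions are
 * enabled, the matching row must exist and its user_data is merged in.
 * On success the result is stored in $this->userdata.
 *
 * @access	public
 * @return	bool	TRUE when a valid session was loaded, FALSE otherwise
 */
function sess_read()
{
	// Fetch the cookie (the session data comes from the client's cookie)
	$session = $this->CI->input->cookie($this->sess_cookie_name);

	// No cookie?  Goodbye cruel world!...
	if ($session === FALSE)
	{
		log_message('debug', 'A session cookie was not found.');
		return FALSE;
	}

	// Decrypt the cookie data
	if ($this->sess_encrypt_cookie == TRUE)
	{
		// NOTE(review): no separate integrity check is visible on this path.
		// Whether decode() authenticates the ciphertext is not shown here;
		// confirm it before trusting the decoded bytes.
		$session = $this->CI->encrypt->decode($session);
	}
	else
	{
		// Even if cookie encryption is disabled in the settings, an encryption
		// key must still be configured: CI uses it to check that the data
		// received from the client cookie has not been altered.

		// Encryption was not used, so we need to check the MD5 hash
		$hash    = substr($session, strlen($session) - 32); // last 32 chars: the hash value
		$session = substr($session, 0, strlen($session) - 32); // the real session content

		// Does the MD5 hash match?  This is to prevent manipulation of session
		// data in userspace. The digest is recomputed from the session content
		// plus the configured encryption key and compared with the one above.
		$expected = md5($session.$this->encryption_key);

		// A loose != lets PHP compare two digests numerically when both look
		// like numbers, so distinct digests can compare as equal. Compare as
		// strings, in constant time where hash_equals() is available.
		$hash_ok = function_exists('hash_equals')
			? hash_equals($expected, (string) $hash)
			: ((string) $hash === $expected);

		// NOTE(review): md5(data . key) is not a sound keyed MAC; an HMAC is the
		// appropriate construction. It has to change together with the code
		// that writes the cookie, which is not part of this listing.
		if ( ! $hash_ok)
		{
			log_message('error', 'The session cookie data did not match what was expected. This could be a possible hacking attempt.');
			$this->sess_destroy();
			return FALSE;
		}
	}

	// Unserialize the session array
	// NOTE(review): this is client-supplied data. If _unserialize() wraps PHP's
	// unserialize() (not visible here), the key check above is the only barrier
	// against object injection; keep the encryption key long, random and secret.
	$session = $this->_unserialize($session);

	// Is the session data we unserialized an array with the correct format?
	if ( ! is_array($session)
		OR ! isset($session['session_id'])
		OR ! isset($session['ip_address'])
		OR ! isset($session['user_agent'])
		OR ! isset($session['last_activity']))
	{
		$this->sess_destroy();
		return FALSE;
	}

	// Is the session current?
	if (($session['last_activity'] + $this->sess_expiration) < $this->now)
	{
		$this->sess_destroy();
		return FALSE;
	}

	// Does the IP match?
	if ($this->sess_match_ip == TRUE AND $session['ip_address'] != $this->CI->input->ip_address())
	{
		$this->sess_destroy();
		return FALSE;
	}

	// Does the User Agent match?  Note that only the first 120 characters of
	// the user agent sent by the client are compared.
	if ($this->sess_match_useragent == TRUE AND trim($session['user_agent']) != trim(substr($this->CI->input->user_agent(), 0, 120)))
	{
		$this->sess_destroy();
		return FALSE;
	}

	// Is there a corresponding session in the DB?  When the session is
	// configured to use the database, the record is looked up there.
	if ($this->sess_use_database === TRUE)
	{
		$this->CI->db->where('session_id', $session['session_id']);

		if ($this->sess_match_ip == TRUE)
		{
			$this->CI->db->where('ip_address', $session['ip_address']);
		}

		if ($this->sess_match_useragent == TRUE)
		{
			$this->CI->db->where('user_agent', $session['user_agent']);
		}

		$query = $this->CI->db->get($this->sess_table_name);

		// No result?  Kill it!
		if ($query->num_rows() == 0)
		{
			$this->sess_destroy();
			return FALSE;
		}

		// Is there custom data?  If so, add it to the main session array
		$row = $query->row();
		if (isset($row->user_data) AND $row->user_data != '')
		{
			$custom_data = $this->_unserialize($row->user_data);

			if (is_array($custom_data))
			{
				foreach ($custom_data as $key => $val)
				{
					$session[$key] = $val;
				}
			}
		}
	}

	// Session is valid!
	$this->userdata = $session;
	unset($session);

	return TRUE;
}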