This example describes the session usage of the CodeIgniter configuration. Share to everyone for your reference, specific as follows:
Just use CodeIgniter was also one of the session confused, and then no longer have no use CI from the session, presumably still need to tidy up the session. To figure out the session in CI, let's say how the session in PHP works. Because the HTTP protocol itself is stateless, when a user's access state information is retained, the client is required to have a unique identity passed to the server, which is the session ID, stored in the client's cookie, and then the service side reads the stored User state information according to the identity. Achieves the purpose of saving session state. To start a session in PHP, you need to execute the following statement:
1, each request of the client will have some information stored in the HTTP header sent to the server, the user's first visit as an example:
2, the service received the request processing and returned to the client, and in the HTTP response add cookies to the request, told the browser needs to set a cookie,cookie named Phpsessid, Value is r887k5n4scg32d4ba34huuhmq7, such as:
3. When the client accesses the page of the website again, the browser will send the cookie to the service side, and the server can read the file of the session on the servers according to the value of the cookie, and get the message, such as:
To achieve the purpose of saving session state. But also note, what happens if you get the session ID of User a login? According to the above logic, if the acquisition of the session ID in the process of a concurrent to the server, the server to read the file according to the session ID, found that the contents of the file to determine the user as a user, that is, access to a user's state, which may be able to do some sensitive operations Therefore, within the session lifetime, get to the sessions ID is to obtain the user's authorization, which is more dangerous, with a local management system as an example, through the chrome login to see the client cookies below the following figure:
If you get the session ID by some means, you can simulate sending an identical cookie in the past to achieve login. Firefox can add cookies, open Firebug cookies after the new cookie, and then refresh the page to login to the management system, as shown below:
Usually you can get cookies through JS, so you need to be aware of escaping to prevent the data from being performed when it is displayed. Next look at the session in CI. There are several parameters associated with the session configuration in the configuration file that affect the use of the session, which are:
The name of the session saved in the cookie $config [' sess_cookie_name '] = ' ci_session '; The effective time of session $config [' sess_expiration '] = 7200; Whether to close the browser session expiration $config [' sess_expire_on_close '] = FALSE; Whether the session is encrypted and stored in the cookie $config [' sess_encrypt_cookie '] = FALSE; Whether to save in the database $config [' sess_use_database '] = FALSE; exists in the database, the database table name $config [' sess_table_name '] = ' ci_sessions '; Whether to match IP $config [' sess_match_ip '] = FALSE; Whether to match useragent $config [' sess_match_useragent '] = TRUE; Update Time $config [' sess_time_to_update '] = 300;
CI comes with a session without a server-side file store, all information is stored in the client cookie, when the call to $this->load->library (' sessions '); The contents of the cookie are as follows:
Array ( [session_id] => f05138a9513e4928cb0a57672cfe3b53 [ip_address] => 127.0.0.1 [user_ Agent] => mozilla/5.0 (Windows NT 6.1; WOW64) applewebkit/537.36 (khtml, like Gecko) chrome/31.0.1650.63 safari/537.36 [last_activity] => 1386569398 [User_data] => )
This information is transmitted to the server in the HTTP header when the client requests it, and the server reads the session information from the HTTP header. The same can be achieved session, but the way there are many uncertainties, according to the source say a few points bar:
1, if the log file appears: The session cookie data did not match what is expected. This is could be a possible hacking attempt. Describes two issues: A.sess_encrypt_cookie for false,session stored in cookies unencrypted B. The checksum fails after reading to the cookie. Involving encryption and decryption, parameter processing, it is easy to match the failure of the case, if not through the empty session.
2, if Sess_match_ip is true, when the client IP changes, session officers transferred Guevara not pass, thus emptying the session.
3, Sess_match_useragent defaults to True, when the client useragent changes, the checksum does not pass, empty sesion. Simple example, through IE browser access, if the switch to different IE mode, the agent is different, so the checksum does not pass, empty session.
As you can see, when any of the above situations occur, the session will be emptied, the login is unsuccessful or jump to the login page. If say not encrypt, do not check IP, useragent? Because cookies are stored on the client, you need to accompany the HTTP request to the server, one too many cookies will affect the speed, for some pictures and other resources to waste bandwidth completely, and the cookie can only store 4K of data, encryption processing can store smaller.
All sorts of uncertainties will create strange problems, avoid too much entanglement, and decisively switch to other ways.
More about the CodeIgniter framework interested readers can view the site topic: "CodeIgniter Introductory Course"
I hope this article will help you with the PHP program design based on CodeIgniter framework.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
