CodeIgniter sessions vs PHP sessions


I'm relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP's $_SESSION variable to this end. However, CI seems to have its own session mechanism, which it claims is "better"

CI's session mechanism seems to store all the data in a cookie? Personally I like the idea of all the data being stored on the server, accessed with a cookie-key like PHPs native session mechanism... Am I being dumb thinking that's better? Should I just accept CI's mechanism? Or should I go ahead and use native PHP sessions?

What do you guys do?


1/24/2014 11:38:07 AM

Accepted Answer

In my experience with CI I've encountered some anomalies with its sessions, but for most day-to-day needs the library is good and easy to work with. As it was pointed out, Flashdata is a very nice feature.

If you choose to stay with CI's sessions, I'd strongly suggest to store sessions in a database and, additionally, encrypt cookies:

$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database']   = TRUE;
$config['sess_table_name']     = 'sessions';

The database structure should be as follows:

    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(50) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id)
1/6/2010 12:25:37 PM

The manual says more flexibility rather than better ;-)

I presume the main benefit of CodeIgnite session class is that it integrates with the framework and it offers a few extra functionality, such as IP address tracking and what it calls flashdata (session data that's erased as soon as it's read). If you are using a framework in the first place that means these options may be attractive for you.

Whatever, you can also save session data into a database:

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow