session handling

htdocs/application/config/config.php

@@ -241,44 +241,91 @@ $config['encryption_key'] = '';
 | Session Variables
 |--------------------------------------------------------------------------
 |
-| 'sess_cookie_name'		= the name you want for the cookie
+| 'sess_driver'
-| 'sess_expiration'			= the number of SECONDS you want the session to last.
+|
-|   by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
+|	The storage driver to use: files, database, redis, memcached
-| 'sess_expire_on_close'	= Whether to cause the session to expire automatically
+|
-|   when the browser window is closed
+| 'sess_cookie_name'
-| 'sess_encrypt_cookie'		= Whether to encrypt the cookie
+|
-| 'sess_use_database'		= Whether to save the session data to a database
+|	The session cookie name, must contain only [0-9a-z_-] characters
-| 'sess_table_name'			= The name of the session database table
+|
-| 'sess_match_ip'			= Whether to match the user's IP address when reading the session data
+| 'sess_expiration'
-| 'sess_match_useragent'	= Whether to match the User Agent when reading the session data
+|
-| 'sess_time_to_update'		= how many seconds between CI refreshing Session Information
+|	The number of SECONDS you want the session to last.
+|	Setting to 0 (zero) means expire when the browser is closed.
+|
+| 'sess_save_path'
+|
+|	The location to save sessions to, driver dependent.
+|
+|	For the 'files' driver, it's a path to a writable directory.
+|	WARNING: Only absolute paths are supported!
+|
+|	For the 'database' driver, it's a table name.
+|	Please read up the manual for the format with other session drivers.
+|
+|	IMPORTANT: You are REQUIRED to set a valid save path!
+|
+| 'sess_match_ip'
+|
+|	Whether to match the user's IP address when reading the session data.
+|
+| 'sess_time_to_update'
+|
+|	How many seconds between CI regenerating the session ID.
+|
+| 'sess_regenerate_destroy'
+|
+|	Whether to destroy session data associated with the old session ID
+|	when auto-regenerating the session ID. When set to FALSE, the data
+|	will be later deleted by the garbage collector.
+|
+| Other session cookie settings are shared with the rest of the application,
+| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
 |
 */
-$config['sess_cookie_name']		= 'stikked';
+$config['sess_driver'] = 'database';
-$config['sess_expiration']		= 60*60*24*1;
+$config['sess_cookie_name'] = 'stikked';
-$config['sess_expire_on_close']	= FALSE;
+$config['sess_expiration'] = 60*60*24*1;
-$config['sess_encrypt_cookie']	= FALSE;
+$config['sess_save_path'] = 'sessions';
-$config['sess_use_database']	= TRUE;
+$config['sess_match_ip'] = FALSE;
-$config['sess_table_name']		= 'ci_sessions';
+$config['sess_time_to_update'] = 300;
-$config['sess_match_ip']		= FALSE;
+$config['sess_regenerate_destroy'] = FALSE;
-$config['sess_match_useragent']	= TRUE;
-$config['sess_time_to_update']	= 300;
 
 /*
 |--------------------------------------------------------------------------
 | Cookie Related Variables
 |--------------------------------------------------------------------------
 |
-| 'cookie_prefix' = Set a prefix if you need to avoid collisions
+| 'cookie_prefix'   = Set a cookie name prefix if you need to avoid collisions
-| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
+| 'cookie_domain'   = Set to .your-domain.com for site-wide cookies
-| 'cookie_path'   =  Typically will be a forward slash
+| 'cookie_path'     = Typically will be a forward slash
-| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
+| 'cookie_secure'   = Cookie will only be set if a secure HTTPS connection exists.
+| 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript)
+|
+| Note: These settings (with the exception of 'cookie_prefix' and
+|       'cookie_httponly') will also affect sessions.
 |
 */
-$config['cookie_prefix']	= "";
+$config['cookie_prefix']	= '';
-$config['cookie_domain']	= "";
+$config['cookie_domain']	= '';
-$config['cookie_path']		= "/";
+$config['cookie_path']		= '/';
 $config['cookie_secure']	= FALSE;
+$config['cookie_httponly'] 	= FALSE;
+
+/*
+|--------------------------------------------------------------------------
+| Standardize newlines
+|--------------------------------------------------------------------------
+|
+| Determines whether to standardize newline characters in input data,
+| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value.
+|
+| This is particularly useful for portability between UNIX-based OSes,
+| (usually \n) and Windows (\r\n).
+|
+*/
+$config['standardize_newlines'] = TRUE;
 
 /*
 |--------------------------------------------------------------------------

htdocs/application/controllers/Main.php

@@ -59,11 +59,16 @@ class Main extends CI_Controller
 			$this->use_recaptcha = true;
 		}
 		
-		if (!$this->db->table_exists('ci_sessions')) 
+		if (!$this->db->table_exists('sessions')) 
 		{
 			$this->load->dbforge();
+			
+			if ($this->db->table_exists('ci_sessions')) 
+			{
+				$this->dbforge->drop_table('ci_sessions');
+			}
 			$fields = array(
-				'session_id' => array(
+				'id' => array(
 					'type' => 'VARCHAR',
 					'constraint' => 40,
 					'default' => 0,
@@ -73,23 +78,19 @@ class Main extends CI_Controller
 					'constraint' => 45,
 					'default' => 0,
 				) ,
-				'user_agent' => array(
+				'timestamp' => array(
-					'type' => 'VARCHAR',
-					'constraint' => 50,
-				) ,
-				'last_activity' => array(
 					'type' => 'INT',
 					'constraint' => 10,
 					'unsigned' => TRUE,
 					'default' => 0,
 				) ,
-				'session_data' => array(
+				'data' => array(
-					'type' => 'TEXT',
+					'type' => 'BLOB',
-					'null' => TRUE,
 				) ,
 			);
 			$this->dbforge->add_field($fields);
-			$this->dbforge->add_key('session_id', true);
+			$this->dbforge->add_key('id', true);
+			$this->dbforge->add_key('timestamp');
 			$this->dbforge->create_table('ci_sessions', true);
 		}