Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverFlow
Original URL: http://stackoverflow.com/questions/2005552/
CodeIgniter sessions vs PHP sessions
Asked by Mala
I'm relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP's $_SESSION variable to this end. However, CI seems to have its own session mechanism, which it claims is "better".
CI's session mechanism seems to store all the data in a cookie? Personally I like the idea of all the data being stored on the server, accessed with a cookie-key like PHP's native session mechanism... Am I being dumb thinking that's better? Should I just accept CI's mechanism? Or should I go ahead and use native PHP sessions?
What do you guys do?
Thanks,
Mala
Accepted answer by Cinnamon
In my experience with CI I've encountered some anomalies with its sessions, but for most day-to-day needs the library is good and easy to work with. As it was pointed out, Flashdata is a very nice feature.
If you choose to stay with CI's sessions, I'd strongly suggest storing sessions in a database and, additionally, encrypting cookies:
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'sessions';
The database structure should be as follows:
CREATE TABLE IF NOT EXISTS `sessions` (
  session_id varchar(40) DEFAULT '0' NOT NULL,
  ip_address varchar(16) DEFAULT '0' NOT NULL,
  user_agent varchar(50) NOT NULL,
  last_activity int(10) unsigned DEFAULT 0 NOT NULL,
  user_data text NOT NULL,
  PRIMARY KEY (session_id)
);
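The storage model the question prefers and this answer recommends, where the cookie carries only a random ID and the data stays in a table, as an added example (not code from the answer or from CodeIgniter). The `DbSessionStore` class, its trimmed three-column table, the in-memory SQLite database and the PHP 8 syntax are assumptions for illustration.

```php
<?php
// Added illustration: server-side session rows keyed by an opaque cookie value.
// DbSessionStore and the trimmed schema are hypothetical, not CodeIgniter's Session class.
final class DbSessionStore
{
    public function __construct(private PDO $db, private int $ttl = 7200)
    {
        $db->exec('CREATE TABLE IF NOT EXISTS sessions (
            session_id    TEXT PRIMARY KEY,
            last_activity INTEGER NOT NULL,
            user_data     TEXT NOT NULL)');
    }

    // Create a row and return the only value that is sent to the browser.
    public function create(array $data): string
    {
        $id = bin2hex(random_bytes(20)); // 40 hex characters from the CSPRNG
        $this->db->prepare('INSERT INTO sessions VALUES (?, ?, ?)')
                 ->execute([$id, time(), json_encode($data)]);
        return $id;
    }

    // Look up the row for a cookie value; malformed, unknown or expired IDs yield null.
    public function load(string $cookieValue): ?array
    {
        if (!preg_match('/^[0-9a-f]{40}$/', $cookieValue)) {
            return null;
        }
        $stmt = $this->db->prepare(
            'SELECT user_data FROM sessions WHERE session_id = ? AND last_activity > ?');
        $stmt->execute([$cookieValue, time() - $this->ttl]);
        $row = $stmt->fetchColumn();
        return $row === false ? null : json_decode($row, true);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$store = new DbSessionStore($db);

$id = $store->create(['user_id' => 42, 'is_admin' => false]); // constructed sample data
var_dump($store->load($id));                 // data comes from the row, not from the client
var_dump($store->load(str_repeat('0', 40))); // a guessed or edited ID matches no row
```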
Answer by Álvaro González
The manual says more flexibility rather than better ;-)
I presume the main benefit of the CodeIgniter session class is that it integrates with the framework and it offers some extra functionality, such as IP address tracking and what it calls flashdata (session data that's erased as soon as it's read). If you are using a framework in the first place that means these options may be attractive for you.
Whatever, you can also save session data into a database:
Answer by shin
Keep PHP session for important information and use CI session for less important info.
Read here why: http://codeigniter.com/forums/viewthread/130577/
Answer by Brian Hammond
I know this is an older post, but I feel it is worth sharing what I have found.
Since CI uses a cookie-based approach (even with database storage) it causes a problem for my particular app which serves data to remote clients requesting data through curl. The bottom line is Cookies and Cross Site Scripting, although manageable, do not play well together.
I chose to try to override the native Session.php class provided by CI with my own MY_Session.php. I was happy to find this wasn't too difficult, but was surprised to find that CI was regenerating session id even though my script explicitly provided them.
According to the CI manual
The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)
Although I can probably find a way to override this, I am wondering if it wouldn't be much easier to revert back to PHP sessions.
Just food for thought if you're going to use CI.
Answer by Clain Dsilva
CI sessions have storage size limitations
As you are aware, CI sessions are cookies basically, whether you encrypt them or not. As far as security is concerned, both have their own pros and cons.
My concern was the size limit of CI sessions. It can hold only 4 kb of data as it's basically a cookie, while a native PHP session only stores a reference id in the cookie and all the session data is stored in server memory. This comes in handy when you have a larger number of items that need to be stored in a session.
Say a shopping cart with more items, or a user music playlist with more than 50 tracks... etc.
I hope this information helps someone some day.
Cheers..!!
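The trade-off described in this answer, as an added example that is not part of the original post or of CodeIgniter's code: a session kept in the cookie has to fit the cookie size budget and must be authenticated by the server, while a server-side session sends only an ID. The function names, the key and the playlist data are constructed for illustration.

```php
<?php
// Added illustration: session data carried in the cookie itself.
// pack_session(), unpack_session() and the key are hypothetical; this is not CodeIgniter's own format.
const COOKIE_LIMIT = 4096; // the roughly 4 KB per-cookie budget the answer refers to

// Serialize the data and append an HMAC so the server can detect edits made on the client.
function pack_session(array $data, string $key): string
{
    $body = base64_encode(json_encode($data));
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

// Return the data only if the MAC verifies; otherwise null.
function unpack_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$body, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $body, $key), $mac)) {
        return null;
    }
    return json_decode(base64_decode($body), true);
}

$key = random_bytes(32); // constructed key; a real one lives in server-side configuration

// Constructed sample: a playlist with more than 50 tracks, as in the answer.
$playlist = [];
for ($i = 1; $i <= 60; $i++) {
    $playlist[] = ['id' => $i, 'title' => "Track number $i", 'artist' => "Sample Artist $i"];
}
$big = pack_session(['user_id' => 42, 'playlist' => $playlist], $key);
printf("cookie-stored session: %d bytes (limit %d)\n", strlen($big), COOKIE_LIMIT);
printf("server-side session:   %d bytes (just the ID)\n", strlen(bin2hex(random_bytes(20))));

// A signed cookie is still readable and editable by the client; the MAC only makes edits detectable.
$small = pack_session(['user_id' => 42, 'is_admin' => false], $key);
[$body, $mac] = explode('.', $small);
$forged = base64_encode(json_encode(['user_id' => 42, 'is_admin' => true])) . '.' . $mac;
var_dump(unpack_session($small, $key) !== null); // untouched cookie verifies
var_dump(unpack_session($forged, $key));         // edited body fails the MAC check
```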

