Using Isset with native sessions in CodeIgniter

I've read about how CI handles sessions differently than native sessions and feel slightly insecure about storing all the data in a cookie(?), unlike PHP's native session which only stores the session ID(?). So I've decided to use native sessions without the CI native_session library.

Now, I know that the Input Class in CI validates Isset with a true/false statement like this:

if ($this->input->post('something'))

which renders the Isset function unable to work (it gives an error). However, I'd like to check my native sessions with the Isset function, so how can I do this? I've tried

if (isset($_SESSION['keyHere']))

which gives me an error.

So to sum up: I want to use Isset on my session array as I feel using

if ($_SESSION['keyHere'])

without the Isset might be开发者_如何学JAVA 'dangerous/foolish'.

Also, as a last question I'm curious about which session handling you think is safest? CI's Session Class or PHP's native handling with server-side storage etc.? I'd very much like to feel as safe as possible when it comes to sessions, no matter if it means I'll have to write longer code.

Ok so, lets talk about the problem that you're having with isset! i agree to all answers behind, the empty function its an good try, using array_key_exists too, but isset have your own place on php language.

At first you didn't post the error taht you're getting, bu as @GolezTrol saidyou're probally having trouble with session_start().

You need to put it on the top of the page, before any scripts. I would put this code before all scripts, and the best place to put it its inside the config/config.php page, at the start of it, or maybe on the root index.php

Using it, you will starting the session on all pages of your system. Well, about your second question.

I think the session native of PHP its really secure, but the session of Codeigniter it's really nice too.

Codeigniter has some problems with the security, when we talk about cookies, if we are handling with important data of system, its hard to work with it, especially if someone else could edit it, thinking about all of it that i describe above, i could say that Codeigniter has a good seession library, even if we are working with important data.

If you don't believe on the security of cookie, just put on database, and you will have any trouble with it. The good thing its the ability and the facility to work with this class on everyplace of the system!

Actually i'm using the way of database, and i suggest it.

I would use array_key_exists instead of isset. isset also checks if the value is not null, so an array with an existing key but a value of null will still return false. You know it is an array and you want to check if a key exists, so it makes the most sense to use array_key_exists.

But that's not the problem. :D

I think you need to call session_start() first.

PHP's native session handling performs just fine as long as you are on a single webserver.

$data=$this->session->userdata("session variable");

if($data)
{
  // do something
}

use this in your CI code files. it works for me all the time !

$logindata = $this->session->userdata('username');

if ($logindata !== FALSE)
{
  //it exists
}

might help!

I've always used php function empty(); though it works differently if you don't know what you are doing.

• If it's an empty array, it will return FALSE
• If it's NULL, it will return FALSE

I personally had little problems with the new session class in CI 2.0.2. Create a table called "sessions" and store the sessions in the database, using sess_use_database to true. Also set sess_encrypt_cookies to true, and lastly, if you want sessions to match with user IPs, use sess_match_ip. Oh, and make sure to set encryption key, which will make it even more secure.

PHP sessions are nice, but I personally like CI sessions better because it gives more flexibility. Especially when you are running multiple web heads with load balancer.

Hope that helps!

Why not use the built in CodeIgniter Session Class? it will provide the same functionality as the input class in regards to not forcing you to use isset().

It allows for encrypted sessions and uses it's own session implementation.

$this->session->userdata("keyHere");  // returns false if not set

You really should use the codeigniter session class. You can make it store the session data in the db so the cookie holds just a unique identifier. You can also set that cookie to be encrypted with the codeigniter security key.

Then, when you access session information, it acts like the normal input methods and so you can just do if($this->session->userdata('name')) rather than using isset or empty or whatever.