I am using CodeIgniter to save session data in a database but I noticed that CI also saves some of that session info at the client side. If I need a secure last_activity
time-stamp how do I know CI is retrieving the one from the database which is secure and not the one from the client side which is not?
Does it match both last_activity
timestamps to check for validity?

CodeIgniter从哪里检索会话数据?
- 写回答
- 好问题 0 提建议
- 关注问题
- 邀请回答
-
1条回答 默认 最新
- duanni5726 2014-05-04 17:56关注
my bad, that's what happen when you don't read carefully.
The answer is YES, does it has to match both.
This is from CodeIgniter Docs,
When session data is available in a database, every time a valid session is found in the user's cookie, a database query is performed to match it. If the session ID does not match, the session is destroyed. Session IDs can never be updated, they can only be generated when a new session is created.
So this means yes, it does a matching.
From GitHub (stable 2.1) you can take a look at the database matching process here:
https://github.com/EllisLab/CodeIgniter/blob/2.1-stable/system/libraries/Session.php#L135
本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏 举报