ÿŰÿàJFIFHHÿá .
BSA HACKER
Logo of a company Server : Apache
System : Linux nusantara.hosteko.com 4.18.0-553.16.1.lve.el8.x86_64 #1 SMP Tue Aug 13 17:45:03 UTC 2024 x86_64
User : koperas1 ( 1254)
PHP Version : 7.4.33
Disable Function : NONE
Directory :  /home/koperas1/public_html/userguide/libraries/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/koperas1/public_html/userguide/libraries/sessions.html

<!DOCTYPE html>
<html class="writer-html4" lang="en" >
<head>
  <meta charset="utf-8" />
  
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>Session Library &mdash; CodeIgniter 4.1.1 documentation</title>
  

  
  <link rel="stylesheet" href="../_static/css/citheme.css" type="text/css" />
  <link rel="stylesheet" href="../_static/pygments.css" type="text/css" />

  
  
    <link rel="shortcut icon" href="../_static/favicon.ico"/>
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../" src="../_static/documentation_options.js"></script>
        <script type="text/javascript" src="../_static/jquery.js"></script>
        <script type="text/javascript" src="../_static/underscore.js"></script>
        <script type="text/javascript" src="../_static/doctools.js"></script>
        <script type="text/javascript" src="../_static/language_data.js"></script>
        <script type="text/javascript" src="../_static/js/citheme.js"></script>
        <script type="text/javascript" src="../_static/js/carbon.js"></script>
    
    <script type="text/javascript" src="../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../genindex.html" />
    <link rel="search" title="Search" href="../search.html" />
    <link rel="next" title="Throttler" href="throttler.html" />
    <link rel="prev" title="Security" href="security.html" /> 
</head>

<body class="wy-body-for-nav">

   
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #DD4814" >
          

          
            <a href="../index.html">
          

          
            
            <img src="../_static/ci-logo-text.png" class="logo" alt="Logo"/>
          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../search.html" method="get">
    <input type="text" name="q" placeholder="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul>
<li class="toctree-l1"><a class="reference internal" href="../intro/index.html">Welcome to CodeIgniter4</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../intro/index.html">Welcome to CodeIgniter4</a></li>
<li class="toctree-l2"><a class="reference internal" href="../intro/requirements.html">Server Requirements</a></li>
<li class="toctree-l2"><a class="reference internal" href="../intro/credits.html">Credits</a></li>
<li class="toctree-l2"><a class="reference internal" href="../intro/psr.html">PSR Compliance</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../installation/index.html">Installation</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../installation/installing_composer.html">Composer Installation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../installation/installing_manual.html">Manual Installation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../installation/running.html">Running Your App</a></li>
<li class="toctree-l2"><a class="reference internal" href="../installation/upgrading.html">Upgrading From a Previous Version</a></li>
<li class="toctree-l2"><a class="reference internal" href="../installation/troubleshooting.html">Troubleshooting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../installation/repositories.html">CodeIgniter Repositories</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../tutorial/index.html">Build Your First Application</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../tutorial/static_pages.html">Static pages</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tutorial/news_section.html">News section</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tutorial/create_news_items.html">Create news items</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tutorial/conclusion.html">Conclusion</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../concepts/index.html">CodeIgniter4 Overview</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../concepts/structure.html">Application Structure</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/mvc.html">Models, Views, and Controllers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/autoloader.html">Autoloading Files</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/services.html">Services</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/factories.html">Factories</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/http.html">Working With HTTP Requests</a></li>
<li class="toctree-l2"><a class="reference internal" href="../concepts/security.html">Security Guidelines</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../general/index.html">General Topics</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../general/configuration.html">Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/urls.html">CodeIgniter URLs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/helpers.html">Helper Functions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/common_functions.html">Global Functions and Constants</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/logging.html">Logging Information</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/errors.html">Error Handling</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/caching.html">Web Page Caching</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/ajax.html">AJAX Requests</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/modules.html">Code Modules</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/managing_apps.html">Managing your Applications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../general/environments.html">Handling Multiple Environments</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../incoming/index.html">Controllers and Routing</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../incoming/controllers.html">Controllers</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/routing.html">URI Routing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/filters.html">Controller Filters</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/message.html">HTTP Messages</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/request.html">Request Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/incomingrequest.html">IncomingRequest Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/content_negotiation.html">Content Negotiation</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/methodspoofing.html">HTTP Method Spoofing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../incoming/restful.html">RESTful Resource Handling</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../outgoing/index.html">Building Responses</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/views.html">Views</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/view_cells.html">View Cells</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/view_renderer.html">View Renderer</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/view_layouts.html">View Layouts</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/view_parser.html">View Parser</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/table.html">HTML Table Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/response.html">HTTP Responses</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/api_responses.html">API Response Trait</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/localization.html">Localization</a></li>
<li class="toctree-l2"><a class="reference internal" href="../outgoing/alternative_php.html">Alternate PHP Syntax for View Files</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../database/index.html">Working With Databases</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../database/examples.html">Quick Start: Usage Examples</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/configuration.html">Database Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/connecting.html">Connecting to a Database</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/queries.html">Running Queries</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/results.html">Generating Query Results</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/helpers.html">Query Helper Functions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/query_builder.html">Query Builder Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/transactions.html">Transactions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/metadata.html">Getting MetaData</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/call_function.html">Custom Function Calls</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/events.html">Database Events</a></li>
<li class="toctree-l2"><a class="reference internal" href="../database/utilities.html">Database Utilities</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../models/index.html">Modeling Data</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../models/model.html">Using CodeIgniter's Model</a></li>
<li class="toctree-l2"><a class="reference internal" href="../models/entities.html">Using Entity Classes</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../dbmgmt/index.html">Managing Databases</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../dbmgmt/forge.html">Database Manipulation with Database Forge</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dbmgmt/migration.html">Database Migrations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dbmgmt/seeds.html">Database Seeding</a></li>
</ul>
</li>
</ul>
<ul class="current">
<li class="toctree-l1 current"><a class="reference internal" href="index.html">Library Reference</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="caching.html">Caching Driver</a></li>
<li class="toctree-l2"><a class="reference internal" href="curlrequest.html">CURLRequest Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="email.html">Email Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="encryption.html">Encryption Service</a></li>
<li class="toctree-l2"><a class="reference internal" href="files.html">Working with Files</a></li>
<li class="toctree-l2"><a class="reference internal" href="honeypot.html">Honeypot Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="images.html">Image Manipulation Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="pagination.html">Pagination</a></li>
<li class="toctree-l2"><a class="reference internal" href="security.html">Security</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">Session Library</a></li>
<li class="toctree-l2"><a class="reference internal" href="throttler.html">Throttler</a></li>
<li class="toctree-l2"><a class="reference internal" href="time.html">Times and Dates</a></li>
<li class="toctree-l2"><a class="reference internal" href="typography.html">Typography</a></li>
<li class="toctree-l2"><a class="reference internal" href="uploaded_files.html">Working with Uploaded Files</a></li>
<li class="toctree-l2"><a class="reference internal" href="uri.html">Working with URIs</a></li>
<li class="toctree-l2"><a class="reference internal" href="user_agent.html">User Agent Class</a></li>
<li class="toctree-l2"><a class="reference internal" href="validation.html">Validation</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../helpers/index.html">Helpers</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../helpers/array_helper.html">Array Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/cookie_helper.html">Cookie Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/date_helper.html">Date Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/filesystem_helper.html">Filesystem Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/form_helper.html">Form Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/html_helper.html">HTML Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/inflector_helper.html">Inflector Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/number_helper.html">Number Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/security_helper.html">Security Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/test_helper.html">Test Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/text_helper.html">Text Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/url_helper.html">URL Helper</a></li>
<li class="toctree-l2"><a class="reference internal" href="../helpers/xml_helper.html">XML Helper</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../testing/index.html">Testing</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../testing/overview.html">Getting Started</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/database.html">Database</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/fabricator.html">Generating Data</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/controllers.html">Controller Testing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/feature.html">HTTP Testing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/benchmark.html">Benchmarking</a></li>
<li class="toctree-l2"><a class="reference internal" href="../testing/debugging.html">Debugging Your Application</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../cli/index.html">Command Line Usage</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../cli/cli.html">Running via the Command Line</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cli/cli_commands.html">Custom CLI Commands</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cli/cli_generators.html">CLI Generators</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cli/cli_library.html">CLI Library</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cli/cli_request.html">CLIRequest Class</a></li>
</ul>
</li>
</ul>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../extending/index.html">Extending CodeIgniter</a><ul>
<li class="toctree-l2"><a class="reference internal" href="../extending/core_classes.html">Creating Core System Classes</a></li>
<li class="toctree-l2"><a class="reference internal" href="../extending/common.html">Replacing Common Functions</a></li>
<li class="toctree-l2"><a class="reference internal" href="../extending/events.html">Events</a></li>
<li class="toctree-l2"><a class="reference internal" href="../extending/basecontroller.html">Extending the Controller</a></li>
<li class="toctree-l2"><a class="reference internal" href="../extending/authentication.html">Authentication</a></li>
<li class="toctree-l2"><a class="reference internal" href="../extending/contributing.html">Contributing to CodeIgniter</a></li>
</ul>
</li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../index.html">CodeIgniter</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          

















<div role="navigation" aria-label="breadcrumbs navigation">

  <ul class="wy-breadcrumbs">
    
      <li><a href="../index.html" class="icon icon-home"></a> &raquo;</li>
        
          <li><a href="index.html">Library Reference</a> &raquo;</li>
        
      <li>Session Library</li>
    
    
      <li class="wy-breadcrumbs-aside">
        
          
        
      </li>
    
  </ul>

  
  <hr/>
</div>
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
  <div class="section" id="session-library">
<h1>Session Library<a class="headerlink" href="#session-library" title="Permalink to this headline">¶</a></h1>
<p>The Session class permits you to maintain a user’s “state” and track their
activity while they browse your site.</p>
<p>CodeIgniter comes with a few session storage drivers, that you can see
in the last section of the table of contents:</p>
<div class="contents local topic" id="contents">
<ul class="simple">
<li><a class="reference internal" href="#using-the-session-class" id="id2">Using the Session Class</a><ul>
<li><a class="reference internal" href="#initializing-a-session" id="id3">Initializing a Session</a></li>
<li><a class="reference internal" href="#how-do-sessions-work" id="id4">How do Sessions work?</a></li>
<li><a class="reference internal" href="#what-is-session-data" id="id5">What is Session Data?</a></li>
<li><a class="reference internal" href="#retrieving-session-data" id="id6">Retrieving Session Data</a></li>
<li><a class="reference internal" href="#adding-session-data" id="id7">Adding Session Data</a></li>
<li><a class="reference internal" href="#pushing-new-value-to-session-data" id="id8">Pushing new value to session data</a></li>
<li><a class="reference internal" href="#removing-session-data" id="id9">Removing Session Data</a></li>
<li><a class="reference internal" href="#flashdata" id="id10">Flashdata</a></li>
<li><a class="reference internal" href="#tempdata" id="id11">Tempdata</a></li>
<li><a class="reference internal" href="#destroying-a-session" id="id12">Destroying a Session</a></li>
<li><a class="reference internal" href="#accessing-session-metadata" id="id13">Accessing session metadata</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-preferences" id="id14">Session Preferences</a></li>
<li><a class="reference internal" href="#session-drivers" id="id15">Session Drivers</a><ul>
<li><a class="reference internal" href="#filehandler-driver-the-default" id="id16">FileHandler Driver (the default)</a></li>
<li><a class="reference internal" href="#databasehandler-driver" id="id17">DatabaseHandler Driver</a></li>
<li><a class="reference internal" href="#redishandler-driver" id="id18">RedisHandler Driver</a></li>
<li><a class="reference internal" href="#memcachedhandler-driver" id="id19">MemcachedHandler Driver</a></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="using-the-session-class">
<h2><a class="toc-backref" href="#id2">Using the Session Class</a><a class="headerlink" href="#using-the-session-class" title="Permalink to this headline">¶</a></h2>
<div class="section" id="initializing-a-session">
<h3><a class="toc-backref" href="#id3">Initializing a Session</a><a class="headerlink" href="#initializing-a-session" title="Permalink to this headline">¶</a></h3>
<p>Sessions will typically run globally with each page load, so the Session
class should be magically initialized.</p>
<p>To access and initialize the session:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span> <span class="o">=</span> <span class="nx">\Config\Services</span><span class="o">::</span><span class="na">session</span><span class="p">(</span><span class="nv">$config</span><span class="p">);</span>
</pre></div>
</div>
<p>The <code class="docutils literal notranslate"><span class="pre">$config</span></code> parameter is optional - your application configuration.
If not provided, the services register will instantiate your default
one.</p>
<p>Once loaded, the Sessions library object will be available using:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span>
</pre></div>
</div>
<p>Alternatively, you can use the helper function that will use the default
configuration options. This version is a little friendlier to read,
but does not take any configuration options.</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span> <span class="o">=</span> <span class="nx">session</span><span class="p">();</span>
</pre></div>
</div>
</div>
<div class="section" id="how-do-sessions-work">
<h3><a class="toc-backref" href="#id4">How do Sessions work?</a><a class="headerlink" href="#how-do-sessions-work" title="Permalink to this headline">¶</a></h3>
<p>When a page is loaded, the session class will check to see if a valid
session cookie is sent by the user’s browser. If a sessions cookie does
<strong>not</strong> exist (or if it doesn’t match one stored on the server or has
expired) a new session will be created and saved.</p>
<p>If a valid session does exist, its information will be updated. With each
update, the session ID may be regenerated if configured to do so.</p>
<p>It’s important for you to understand that once initialized, the Session
class runs automatically. There is nothing you need to do to cause the
above behavior to happen. You can, as you’ll see below, work with session
data, but the process of reading, writing, and updating a session is
automatic.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Under CLI, the Session library will automatically halt itself,
as this is a concept based entirely on the HTTP protocol.</p>
</div>
<div class="section" id="a-note-about-concurrency">
<h4>A note about concurrency<a class="headerlink" href="#a-note-about-concurrency" title="Permalink to this headline">¶</a></h4>
<p>Unless you’re developing a website with heavy AJAX usage, you can skip this
section. If you are, however, and if you’re experiencing performance
issues, then this note is exactly what you’re looking for.</p>
<p>Sessions in previous versions of CodeIgniter didn’t implement locking,
which meant that two HTTP requests using the same session could run exactly
at the same time. To use a more appropriate technical term - requests were
non-blocking.</p>
<p>However, non-blocking requests in the context of sessions also means
unsafe, because, modifications to session data (or session ID regeneration)
in one request can interfere with the execution of a second, concurrent
request. This detail was at the root of many issues and the main reason why
CodeIgniter 4 has a completely re-written Session library.</p>
<p>Why are we telling you this? Because it is likely that after trying to
find the reason for your performance issues, you may conclude that locking
is the issue and therefore look into how to remove the locks 
</p>
<p>DO NOT DO THAT! Removing locks would be <strong>wrong</strong> and it will cause you
more problems!</p>
<p>Locking is not the issue, it is a solution. Your issue is that you still
have the session open, while you’ve already processed it and therefore no
longer need it. So, what you need is to close the session for the
current request after you no longer need it.</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">destroy</span><span class="p">();</span>
</pre></div>
</div>
</div>
</div>
<div class="section" id="what-is-session-data">
<h3><a class="toc-backref" href="#id5">What is Session Data?</a><a class="headerlink" href="#what-is-session-data" title="Permalink to this headline">¶</a></h3>
<p>Session data is simply an array associated with a particular session ID
(cookie).</p>
<p>If you’ve used sessions in PHP before, you should be familiar with PHP’s
<a class="reference external" href="https://www.php.net/manual/en/reserved.variables.session.php">$_SESSION superglobal</a>
(if not, please read the content on that link).</p>
<p>CodeIgniter gives access to its session data through the same means, as it
uses the session handlers’ mechanism provided by PHP. Using session data is
as simple as manipulating (read, set and unset values) the <code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code>
array.</p>
<p>In addition, CodeIgniter also provides 2 special types of session data
that are further explained below: flashdata and tempdata.</p>
</div>
<div class="section" id="retrieving-session-data">
<h3><a class="toc-backref" href="#id6">Retrieving Session Data</a><a class="headerlink" href="#retrieving-session-data" title="Permalink to this headline">¶</a></h3>
<p>Any piece of information from the session array is available through the
<code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code> superglobal:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]</span>
</pre></div>
</div>
<p>Or through the conventional accessor method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">get</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>Or through the magic getter:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">item</span>
</pre></div>
</div>
<p>Or even through the session helper method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nx">session</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>Where <code class="docutils literal notranslate"><span class="pre">item</span></code> is the array key corresponding to the item you wish to fetch.
For example, to assign a previously stored ‘name’ item to the <code class="docutils literal notranslate"><span class="pre">$name</span></code>
variable, you will do this:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$name</span> <span class="o">=</span> <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;name&#39;</span><span class="p">];</span>

<span class="c1">// or:</span>

<span class="nv">$name</span> <span class="o">=</span> <span class="nv">$session</span><span class="o">-&gt;</span><span class="na">name</span>

<span class="c1">// or:</span>

<span class="nv">$name</span> <span class="o">=</span> <span class="nv">$session</span><span class="o">-&gt;</span><span class="na">get</span><span class="p">(</span><span class="s1">&#39;name&#39;</span><span class="p">);</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The <code class="docutils literal notranslate"><span class="pre">get()</span></code> method returns NULL if the item you are trying
to access does not exist.</p>
</div>
<p>If you want to retrieve all of the existing userdata, you can simply
omit the item key (magic getter only works for single property values):</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span>

<span class="c1">// or:</span>

<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">get</span><span class="p">();</span>
</pre></div>
</div>
</div>
<div class="section" id="adding-session-data">
<h3><a class="toc-backref" href="#id7">Adding Session Data</a><a class="headerlink" href="#adding-session-data" title="Permalink to this headline">¶</a></h3>
<p>Let’s say a particular user logs into your site. Once authenticated, you
could add their username and e-mail address to the session, making that
data globally available to you without having to run a database query when
you need it.</p>
<p>You can simply assign data to the <code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code> array, as with any other
variable. Or as a property of <code class="docutils literal notranslate"><span class="pre">$session</span></code>.</p>
<p>The former userdata method is deprecated,
but you can pass an array containing your new session data to the
<code class="docutils literal notranslate"><span class="pre">set()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">set</span><span class="p">(</span><span class="nv">$array</span><span class="p">);</span>
</pre></div>
</div>
<p>Where <code class="docutils literal notranslate"><span class="pre">$array</span></code> is an associative array containing your new data. Here’s
an example:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$newdata</span> <span class="o">=</span> <span class="p">[</span>
        <span class="s1">&#39;username&#39;</span>  <span class="o">=&gt;</span> <span class="s1">&#39;johndoe&#39;</span><span class="p">,</span>
        <span class="s1">&#39;email&#39;</span>     <span class="o">=&gt;</span> <span class="s1">&#39;johndoe@some-site.com&#39;</span><span class="p">,</span>
        <span class="s1">&#39;logged_in&#39;</span> <span class="o">=&gt;</span> <span class="k">TRUE</span>
<span class="p">];</span>

<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">set</span><span class="p">(</span><span class="nv">$newdata</span><span class="p">);</span>
</pre></div>
</div>
<p>If you want to add session data one value at a time, <code class="docutils literal notranslate"><span class="pre">set()</span></code> also
supports this syntax:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">set</span><span class="p">(</span><span class="s1">&#39;some_name&#39;</span><span class="p">,</span> <span class="s1">&#39;some_value&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>If you want to verify that a session value exists, simply check with
<code class="docutils literal notranslate"><span class="pre">isset()</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="c1">// returns FALSE if the &#39;some_name&#39; item doesn&#39;t exist or is NULL,</span>
<span class="c1">// TRUE otherwise:</span>
<span class="nb">isset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;some_name&#39;</span><span class="p">])</span>
</pre></div>
</div>
<p>Or you can call <code class="docutils literal notranslate"><span class="pre">has()</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">has</span><span class="p">(</span><span class="s1">&#39;some_name&#39;</span><span class="p">);</span>
</pre></div>
</div>
</div>
<div class="section" id="pushing-new-value-to-session-data">
<h3><a class="toc-backref" href="#id8">Pushing new value to session data</a><a class="headerlink" href="#pushing-new-value-to-session-data" title="Permalink to this headline">¶</a></h3>
<p>The push method is used to push a new value onto a session value that is an array.
For instance, if the ‘hobbies’ key contains an array of hobbies, you can add a new value onto the array like so:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">push</span><span class="p">(</span><span class="s1">&#39;hobbies&#39;</span><span class="p">,</span> <span class="p">[</span><span class="s1">&#39;sport&#39;</span><span class="o">=&gt;</span><span class="s1">&#39;tennis&#39;</span><span class="p">]);</span>
</pre></div>
</div>
</div>
<div class="section" id="removing-session-data">
<h3><a class="toc-backref" href="#id9">Removing Session Data</a><a class="headerlink" href="#removing-session-data" title="Permalink to this headline">¶</a></h3>
<p>Just as with any other variable, unsetting a value in <code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code> can be
done through <code class="docutils literal notranslate"><span class="pre">unset()</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nb">unset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;some_name&#39;</span><span class="p">]);</span>

<span class="c1">// or multiple values:</span>

<span class="nb">unset</span><span class="p">(</span>
        <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;some_name&#39;</span><span class="p">],</span>
        <span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;another_name&#39;</span><span class="p">]</span>
<span class="p">);</span>
</pre></div>
</div>
<p>Also, just as <code class="docutils literal notranslate"><span class="pre">set()</span></code> can be used to add information to a
session, <code class="docutils literal notranslate"><span class="pre">remove()</span></code> can be used to remove it, by passing the
session key. For example, if you wanted to remove ‘some_name’ from your
session data array:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">remove</span><span class="p">(</span><span class="s1">&#39;some_name&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>This method also accepts an array of item keys to unset:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$array_items</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;username&#39;</span><span class="p">,</span> <span class="s1">&#39;email&#39;</span><span class="p">];</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">remove</span><span class="p">(</span><span class="nv">$array_items</span><span class="p">);</span>
</pre></div>
</div>
</div>
<div class="section" id="flashdata">
<h3><a class="toc-backref" href="#id10">Flashdata</a><a class="headerlink" href="#flashdata" title="Permalink to this headline">¶</a></h3>
<p>CodeIgniter supports “flashdata”, or session data that will only be
available for the next request, and is then automatically cleared.</p>
<p>This can be very useful, especially for one-time informational, error or
status messages (for example: “Record 2 deleted”).</p>
<p>It should be noted that flashdata variables are regular session variables,
managed inside the CodeIgniter session handler.</p>
<p>To mark an existing item as “flashdata”:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsFlashdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>If you want to mark multiple items as flashdata, simply pass the keys as an
array:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsFlashdata</span><span class="p">([</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="s1">&#39;item2&#39;</span><span class="p">]);</span>
</pre></div>
</div>
<p>To add flashdata:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s1">&#39;value&#39;</span><span class="p">;</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsFlashdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>Or alternatively, using the <code class="docutils literal notranslate"><span class="pre">setFlashdata()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">setFlashdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="s1">&#39;value&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>You can also pass an array to <code class="docutils literal notranslate"><span class="pre">setFlashdata()</span></code>, in the same manner as
<code class="docutils literal notranslate"><span class="pre">set()</span></code>.</p>
<p>Reading flashdata variables is the same as reading regular session data
through <code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]</span>
</pre></div>
</div>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">The <code class="docutils literal notranslate"><span class="pre">get()</span></code> method WILL return flashdata items when
retrieving a single item by key. It will not return flashdata when
grabbing all userdata from the session, however.</p>
</div>
<p>However, if you want to be sure that you’re reading “flashdata” (and not
any other kind), you can also use the <code class="docutils literal notranslate"><span class="pre">getFlashdata()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">getFlashdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>Or to get an array with all flashdata, simply omit the key parameter:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">getFlashdata</span><span class="p">();</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The <code class="docutils literal notranslate"><span class="pre">getFlashdata()</span></code> method returns NULL if the item cannot be
found.</p>
</div>
<p>If you find that you need to preserve a flashdata variable through an
additional request, you can do so using the <code class="docutils literal notranslate"><span class="pre">keepFlashdata()</span></code> method.
You can either pass a single item or an array of flashdata items to keep.</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">keepFlashdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">keepFlashdata</span><span class="p">([</span><span class="s1">&#39;item1&#39;</span><span class="p">,</span> <span class="s1">&#39;item2&#39;</span><span class="p">,</span> <span class="s1">&#39;item3&#39;</span><span class="p">]);</span>
</pre></div>
</div>
</div>
<div class="section" id="tempdata">
<h3><a class="toc-backref" href="#id11">Tempdata</a><a class="headerlink" href="#tempdata" title="Permalink to this headline">¶</a></h3>
<p>CodeIgniter also supports “tempdata”, or session data with a specific
expiration time. After the value expires, or the session expires or is
deleted, the value is automatically removed.</p>
<p>Similarly to flashdata, tempdata variables are managed internally by the
CodeIgniter session handler.</p>
<p>To mark an existing item as “tempdata”, simply pass its key and expiry time
(in seconds!) to the <code class="docutils literal notranslate"><span class="pre">markAsTempdata()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="c1">// &#39;item&#39; will be erased after 300 seconds</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsTempdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span>
</pre></div>
</div>
<p>You can mark multiple items as tempdata in two ways, depending on whether
you want them all to have the same expiry time or not:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="c1">// Both &#39;item&#39; and &#39;item2&#39; will expire after 300 seconds</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsTempdata</span><span class="p">([</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="s1">&#39;item2&#39;</span><span class="p">],</span> <span class="mi">300</span><span class="p">);</span>

<span class="c1">// &#39;item&#39; will be erased after 300 seconds, while &#39;item2&#39;</span>
<span class="c1">// will do so after only 240 seconds</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsTempdata</span><span class="p">([</span>
        <span class="s1">&#39;item&#39;</span>  <span class="o">=&gt;</span> <span class="mi">300</span><span class="p">,</span>
        <span class="s1">&#39;item2&#39;</span> <span class="o">=&gt;</span> <span class="mi">240</span>
<span class="p">]);</span>
</pre></div>
</div>
<p>To add tempdata:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]</span> <span class="o">=</span> <span class="s1">&#39;value&#39;</span><span class="p">;</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">markAsTempdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span> <span class="c1">// Expire in 5 minutes</span>
</pre></div>
</div>
<p>Or alternatively, using the <code class="docutils literal notranslate"><span class="pre">setTempdata()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">setTempdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">,</span> <span class="s1">&#39;value&#39;</span><span class="p">,</span> <span class="mi">300</span><span class="p">);</span>
</pre></div>
</div>
<p>You can also pass an array to <code class="docutils literal notranslate"><span class="pre">setTempdata()</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$tempdata</span> <span class="o">=</span> <span class="p">[</span><span class="s1">&#39;newuser&#39;</span> <span class="o">=&gt;</span> <span class="k">TRUE</span><span class="p">,</span> <span class="s1">&#39;message&#39;</span> <span class="o">=&gt;</span> <span class="s1">&#39;Thanks for joining!&#39;</span><span class="p">];</span>
<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">setTempdata</span><span class="p">(</span><span class="nv">$tempdata</span><span class="p">,</span> <span class="k">NULL</span><span class="p">,</span> <span class="nv">$expire</span><span class="p">);</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">If the expiration is omitted or set to 0, the default
time-to-live value of 300 seconds (or 5 minutes) will be used.</p>
</div>
<p>To read a tempdata variable, again you can just access it through the
<code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code> superglobal array:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]</span>
</pre></div>
</div>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">The <code class="docutils literal notranslate"><span class="pre">get()</span></code> method WILL return tempdata items when
retrieving a single item by key. It will not return tempdata when
grabbing all userdata from the session, however.</p>
</div>
<p>Or if you want to be sure that you’re reading “tempdata” (and not any
other kind), you can also use the <code class="docutils literal notranslate"><span class="pre">getTempdata()</span></code> method:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">getTempdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
<p>And of course, if you want to retrieve all existing tempdata:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">getTempdata</span><span class="p">();</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The <code class="docutils literal notranslate"><span class="pre">getTempdata()</span></code> method returns NULL if the item cannot be
found.</p>
</div>
<p>If you need to remove a tempdata value before it expires, you can directly
unset it from the <code class="docutils literal notranslate"><span class="pre">$_SESSION</span></code> array:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nb">unset</span><span class="p">(</span><span class="nv">$_SESSION</span><span class="p">[</span><span class="s1">&#39;item&#39;</span><span class="p">]);</span>
</pre></div>
</div>
<p>However, this won’t remove the marker that makes this specific item to be
tempdata (it will be invalidated on the next HTTP request), so if you
intend to reuse that same key in the same request, you’d want to use
<code class="docutils literal notranslate"><span class="pre">removeTempdata()</span></code>:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">removeTempdata</span><span class="p">(</span><span class="s1">&#39;item&#39;</span><span class="p">);</span>
</pre></div>
</div>
</div>
<div class="section" id="destroying-a-session">
<h3><a class="toc-backref" href="#id12">Destroying a Session</a><a class="headerlink" href="#destroying-a-session" title="Permalink to this headline">¶</a></h3>
<p>To clear the current session (for example, during a logout), you may
simply use either PHP’s <a class="reference external" href="https://www.php.net/session_destroy">session_destroy()</a>
function, or the library’s <code class="docutils literal notranslate"><span class="pre">destroy()</span></code> method. Both will work in exactly the
same way:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nb">session_destroy</span><span class="p">();</span>

<span class="c1">// or</span>

<span class="nv">$session</span><span class="o">-&gt;</span><span class="na">destroy</span><span class="p">();</span>
</pre></div>
</div>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">This must be the last session-related operation that you do
during the same request. All session data (including flashdata and
tempdata) will be destroyed permanently and functions will be
unusable during the same request after you destroy the session.</p>
</div>
<p>You may also use the <code class="docutils literal notranslate"><span class="pre">stop()</span></code> method to completely kill the session
by removing the old session_id, destroying all data, and destroying
the cookie that contained the session id:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nv">$session</span><span class="o">-&gt;</span><span class="na">stop</span><span class="p">();</span>
</pre></div>
</div>
</div>
<div class="section" id="accessing-session-metadata">
<h3><a class="toc-backref" href="#id13">Accessing session metadata</a><a class="headerlink" href="#accessing-session-metadata" title="Permalink to this headline">¶</a></h3>
<p>In previous CodeIgniter versions, the session data array included 4 items
by default: ‘session_id’, ‘ip_address’, ‘user_agent’, ‘last_activity’.</p>
<p>This was due to the specifics of how sessions worked, but is now no longer
necessary with our new implementation. However, it may happen that your
application relied on these values, so here are alternative methods of
accessing them:</p>
<blockquote>
<div><ul class="simple">
<li>session_id: <code class="docutils literal notranslate"><span class="pre">session_id()</span></code></li>
<li>ip_address: <code class="docutils literal notranslate"><span class="pre">$_SERVER['REMOTE_ADDR']</span></code></li>
<li>user_agent: <code class="docutils literal notranslate"><span class="pre">$_SERVER['HTTP_USER_AGENT']</span></code> (unused by sessions)</li>
<li>last_activity: Depends on the storage, no straightforward way. Sorry!</li>
</ul>
</div></blockquote>
</div>
</div>
<div class="section" id="session-preferences">
<h2><a class="toc-backref" href="#id14">Session Preferences</a><a class="headerlink" href="#session-preferences" title="Permalink to this headline">¶</a></h2>
<p>CodeIgniter will usually make everything work out of the box. However,
Sessions are a very sensitive component of any application, so some
careful configuration must be done. Please take your time to consider
all of the options and their effects.</p>
<p>You’ll find the following Session related preferences in your
<strong>app/Config/App.php</strong> file:</p>
<table border="1" class="docutils">
<colgroup>
<col width="14%" />
<col width="20%" />
<col width="23%" />
<col width="43%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Preference</th>
<th class="head">Default</th>
<th class="head">Options</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><strong>sessionDriver</strong></td>
<td>CodeIgniter\Session\Handlers\FileHandler</td>
<td>CodeIgniter\Session\Handlers\FileHandler
CodeIgniter\Session\Handlers\DatabaseHandler
CodeIgniter\Session\Handlers\MemcachedHandler
CodeIgniter\Session\Handlers\RedisHandler
CodeIgniter\Session\Handlers\ArrayHandler</td>
<td>The session storage driver to use.</td>
</tr>
<tr class="row-odd"><td><strong>sessionCookieName</strong></td>
<td>ci_session</td>
<td>[A-Za-z_-] characters only</td>
<td>The name used for the session cookie.</td>
</tr>
<tr class="row-even"><td><strong>sessionExpiration</strong></td>
<td>7200 (2 hours)</td>
<td>Time in seconds (integer)</td>
<td>The number of seconds you would like the session to last.
If you would like a non-expiring session (until browser is closed) set the value to zero: 0</td>
</tr>
<tr class="row-odd"><td><strong>sessionSavePath</strong></td>
<td>NULL</td>
<td>None</td>
<td>Specifies the storage location, depends on the driver being used.</td>
</tr>
<tr class="row-even"><td><strong>sessionMatchIP</strong></td>
<td>FALSE</td>
<td>TRUE/FALSE (boolean)</td>
<td>Whether to validate the user’s IP address when reading the session cookie.
Note that some ISPs dynamically changes the IP, so if you want a non-expiring session you
will likely set this to FALSE.</td>
</tr>
<tr class="row-odd"><td><strong>sessionTimeToUpdate</strong></td>
<td>300</td>
<td>Time in seconds (integer)</td>
<td>This option controls how often the session class will regenerate itself and create a new
session ID. Setting it to 0 will disable session ID regeneration.</td>
</tr>
<tr class="row-even"><td><strong>sessionRegenerateDestroy</strong></td>
<td>FALSE</td>
<td>TRUE/FALSE (boolean)</td>
<td>Whether to destroy session data associated with the old session ID when auto-regenerating
the session ID. When set to FALSE, the data will be later deleted by the garbage collector.</td>
</tr>
</tbody>
</table>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">As a last resort, the Session library will try to fetch PHP’s
session related INI settings, as well as legacy CI settings such as
‘sess_expire_on_close’ when any of the above is not configured.
However, you should never rely on this behavior as it can cause
unexpected results or be changed in the future. Please configure
everything properly.</p>
</div>
<p>In addition to the values above, the cookie and native drivers apply the
following configuration values shared by the <a class="reference internal" href="../incoming/incomingrequest.html"><span class="doc">IncomingRequest</span></a> and
<a class="reference internal" href="security.html"><span class="doc">Security</span></a> classes:</p>
<table border="1" class="docutils">
<colgroup>
<col width="18%" />
<col width="14%" />
<col width="68%" />
</colgroup>
<thead valign="bottom">
<tr class="row-odd"><th class="head">Preference</th>
<th class="head">Default</th>
<th class="head">Description</th>
</tr>
</thead>
<tbody valign="top">
<tr class="row-even"><td><strong>cookieDomain</strong></td>
<td>‘’</td>
<td>The domain for which the session is applicable</td>
</tr>
<tr class="row-odd"><td><strong>cookiePath</strong></td>
<td>/</td>
<td>The path to which the session is applicable</td>
</tr>
<tr class="row-even"><td><strong>cookieSecure</strong></td>
<td>FALSE</td>
<td>Whether to create the session cookie only on encrypted (HTTPS) connections</td>
</tr>
<tr class="row-odd"><td><strong>cookieSameSite</strong></td>
<td>Lax</td>
<td>The SameSite setting for the session cookie</td>
</tr>
</tbody>
</table>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The ‘cookieHTTPOnly’ setting doesn’t have an effect on sessions.
Instead the HttpOnly parameter is always enabled, for security
reasons. Additionally, the ‘cookiePrefix’ setting is completely
ignored.</p>
</div>
</div>
<div class="section" id="session-drivers">
<h2><a class="toc-backref" href="#id15">Session Drivers</a><a class="headerlink" href="#session-drivers" title="Permalink to this headline">¶</a></h2>
<p>As already mentioned, the Session library comes with 4 handlers, or storage
engines, that you can use:</p>
<blockquote>
<div><ul class="simple">
<li>CodeIgniter\Session\Handlers\FileHandler</li>
<li>CodeIgniter\Session\Handlers\DatabaseHandler</li>
<li>CodeIgniter\Session\Handlers\MemcachedHandler</li>
<li>CodeIgniter\Session\Handlers\RedisHandler</li>
<li>CodeIgniter\Session\Handlers\ArrayHandler</li>
</ul>
</div></blockquote>
<p>By default, the <code class="docutils literal notranslate"><span class="pre">FileHandler</span></code> Driver will be used when a session is initialized,
because it is the safest choice and is expected to work everywhere
(virtually every environment has a file system).</p>
<p>However, any other driver may be selected via the <code class="docutils literal notranslate"><span class="pre">public</span> <span class="pre">$sessionDriver</span></code>
line in your <strong>app/Config/App.php</strong> file, if you chose to do so.
Have it in mind though, every driver has different caveats, so be sure to
get yourself familiar with them (below) before you make that choice.</p>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">The ArrayHandler is used during testing and stores all data within
a PHP array, while preventing the data from being persisted.</p>
</div>
<div class="section" id="filehandler-driver-the-default">
<h3><a class="toc-backref" href="#id16">FileHandler Driver (the default)</a><a class="headerlink" href="#filehandler-driver-the-default" title="Permalink to this headline">¶</a></h3>
<p>The ‘FileHandler’ driver uses your file system for storing session data.</p>
<p>It can safely be said that it works exactly like PHP’s own default session
implementation, but in case this is an important detail for you, have it
mind that it is in fact not the same code and it has some limitations
(and advantages).</p>
<p>To be more specific, it doesn’t support PHP’s <a class="reference external" href="https://www.php.net/manual/en/session.configuration.php#ini.session.save-path">directory level and mode
formats used in session.save_path</a>,
and it has most of the options hard-coded for safety. Instead, only
absolute paths are supported for <code class="docutils literal notranslate"><span class="pre">public</span> <span class="pre">$sessionSavePath</span></code>.</p>
<p>Another important thing that you should know, is to make sure that you
don’t use a publicly-readable or shared directory for storing your session
files. Make sure that <em>only you</em> have access to see the contents of your
chosen <em>sessionSavePath</em> directory. Otherwise, anybody who can do that, can
also steal any of the current sessions (also known as “session fixation”
attack).</p>
<p>On UNIX-like operating systems, this is usually achieved by setting the
0700 mode permissions on that directory via the <cite>chmod</cite> command, which
allows only the directory’s owner to perform read and write operations on
it. But be careful because the system user <em>running</em> the script is usually
not your own, but something like ‘www-data’ instead, so only setting those
permissions will probably break your application.</p>
<p>Instead, you should do something like this, depending on your environment</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nb">mkdir</span> <span class="o">/&lt;</span><span class="nx">path</span> <span class="nx">to</span> <span class="nx">your</span> <span class="nx">application</span> <span class="nx">directory</span><span class="o">&gt;/</span><span class="nx">Writable</span><span class="o">/</span><span class="nx">sessions</span><span class="o">/</span>
<span class="nb">chmod</span> <span class="mo">0700</span> <span class="o">/&lt;</span><span class="nx">path</span> <span class="nx">to</span> <span class="nx">your</span> <span class="nx">application</span> <span class="nx">directory</span><span class="o">&gt;/</span><span class="nx">Writable</span><span class="o">/</span><span class="nx">sessions</span><span class="o">/</span>
<span class="nb">chown</span> <span class="nx">www</span><span class="o">-</span><span class="nx">data</span> <span class="o">/&lt;</span><span class="nx">path</span> <span class="nx">to</span> <span class="nx">your</span> <span class="nx">application</span> <span class="nx">directory</span><span class="o">&gt;/</span><span class="nx">Writable</span><span class="o">/</span><span class="nx">sessions</span><span class="o">/</span>
</pre></div>
</div>
<div class="section" id="bonus-tip">
<h4>Bonus Tip<a class="headerlink" href="#bonus-tip" title="Permalink to this headline">¶</a></h4>
<p>Some of you will probably opt to choose another session driver because
file storage is usually slower. This is only half true.</p>
<p>A very basic test will probably trick you into believing that an SQL
database is faster, but in 99% of the cases, this is only true while you
only have a few current sessions. As the sessions count and server loads
increase - which is the time when it matters - the file system will
consistently outperform almost all relational database setups.</p>
<p>In addition, if performance is your only concern, you may want to look
into using <a class="reference external" href="https://eddmann.com/posts/storing-php-sessions-file-caches-in-memory-using-tmpfs/">tmpfs</a>,
(warning: external resource), which can make your sessions blazing fast.</p>
</div>
</div>
<div class="section" id="databasehandler-driver">
<h3><a class="toc-backref" href="#id17">DatabaseHandler Driver</a><a class="headerlink" href="#databasehandler-driver" title="Permalink to this headline">¶</a></h3>
<p>The ‘DatabaseHandler’ driver uses a relational database such as MySQL or
PostgreSQL to store sessions. This is a popular choice among many users,
because it allows the developer easy access to the session data within
an application - it is just another table in your database.</p>
<p>However, there are some conditions that must be met:</p>
<blockquote>
<div><ul class="simple">
<li>You can NOT use a persistent connection.</li>
</ul>
</div></blockquote>
<p>In order to use the ‘DatabaseHandler’ session driver, you must also create this
table that we already mentioned and then set it as your
<code class="docutils literal notranslate"><span class="pre">$sessionSavePath</span></code> value.
For example, if you would like to use ‘ci_sessions’ as your table name,
you would do this:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="k">public</span> <span class="nv">$sessionDriver</span>   <span class="o">=</span> <span class="s1">&#39;CodeIgniter\Session\Handlers\DatabaseHandler&#39;</span><span class="p">;</span>
<span class="k">public</span> <span class="nv">$sessionSavePath</span> <span class="o">=</span> <span class="s1">&#39;ci_sessions&#39;</span><span class="p">;</span>
</pre></div>
</div>
<p>And then of course, create the database table 
</p>
<p>For MySQL:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nx">CREATE</span> <span class="nx">TABLE</span> <span class="k">IF</span> <span class="k">NOT</span> <span class="nx">EXISTS</span> <span class="sb">`ci_sessions`</span> <span class="p">(</span>
        <span class="sb">`id`</span> <span class="nx">varchar</span><span class="p">(</span><span class="mi">128</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="sb">`ip_address`</span> <span class="nx">varchar</span><span class="p">(</span><span class="mi">45</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="sb">`timestamp`</span> <span class="nx">int</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="nx">unsigned</span> <span class="k">DEFAULT</span> <span class="mi">0</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="sb">`data`</span> <span class="nx">blob</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="nx">KEY</span> <span class="sb">`ci_sessions_timestamp`</span> <span class="p">(</span><span class="sb">`timestamp`</span><span class="p">)</span>
<span class="p">);</span>
</pre></div>
</div>
<p>For PostgreSQL:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="nx">CREATE</span> <span class="nx">TABLE</span> <span class="s2">&quot;ci_sessions&quot;</span> <span class="p">(</span>
        <span class="s2">&quot;id&quot;</span> <span class="nx">varchar</span><span class="p">(</span><span class="mi">128</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="s2">&quot;ip_address&quot;</span> <span class="nx">varchar</span><span class="p">(</span><span class="mi">45</span><span class="p">)</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="s2">&quot;timestamp&quot;</span> <span class="nx">bigint</span> <span class="k">DEFAULT</span> <span class="mi">0</span> <span class="k">NOT</span> <span class="k">NULL</span><span class="p">,</span>
        <span class="s2">&quot;data&quot;</span> <span class="nx">text</span> <span class="k">DEFAULT</span> <span class="s1">&#39;&#39;</span> <span class="k">NOT</span> <span class="k">NULL</span>
<span class="p">);</span>

<span class="nx">CREATE</span> <span class="nx">INDEX</span> <span class="s2">&quot;ci_sessions_timestamp&quot;</span> <span class="nx">ON</span> <span class="s2">&quot;ci_sessions&quot;</span> <span class="p">(</span><span class="s2">&quot;timestamp&quot;</span><span class="p">);</span>
</pre></div>
</div>
<p>You will also need to add a PRIMARY KEY <strong>depending on your ‘sessionMatchIP’
setting</strong>. The examples below work both on MySQL and PostgreSQL:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="c1">// When sessionMatchIP = TRUE</span>
<span class="nx">ALTER</span> <span class="nx">TABLE</span> <span class="nx">ci_sessions</span> <span class="nx">ADD</span> <span class="nx">PRIMARY</span> <span class="nx">KEY</span> <span class="p">(</span><span class="nx">id</span><span class="p">,</span> <span class="nx">ip_address</span><span class="p">);</span>

<span class="c1">// When sessionMatchIP = FALSE</span>
<span class="nx">ALTER</span> <span class="nx">TABLE</span> <span class="nx">ci_sessions</span> <span class="nx">ADD</span> <span class="nx">PRIMARY</span> <span class="nx">KEY</span> <span class="p">(</span><span class="nx">id</span><span class="p">);</span>

<span class="c1">// To drop a previously created primary key (use when changing the setting)</span>
<span class="nx">ALTER</span> <span class="nx">TABLE</span> <span class="nx">ci_sessions</span> <span class="nx">DROP</span> <span class="nx">PRIMARY</span> <span class="nx">KEY</span><span class="p">;</span>
</pre></div>
</div>
<p>You can choose the Database group to use by adding a new line to the
<strong>applicationConfigApp.php</strong> file with the name of the group to use:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="k">public</span> <span class="nv">$sessionDBGroup</span> <span class="o">=</span> <span class="s1">&#39;groupName&#39;</span><span class="p">;</span>
</pre></div>
</div>
<p>If you’d rather not do all of this by hand, you can use the <code class="docutils literal notranslate"><span class="pre">session:migration</span></code> command
from the cli to generate a migration file for you:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="o">&gt;</span> <span class="nx">php</span> <span class="nx">spark</span> <span class="nx">session</span><span class="o">:</span><span class="nx">migration</span>
<span class="o">&gt;</span> <span class="nx">php</span> <span class="nx">spark</span> <span class="nx">migrate</span>
</pre></div>
</div>
<p>This command will take the <strong>sessionSavePath</strong> and <strong>sessionMatchIP</strong> settings into account
when it generates the code.</p>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">Only MySQL and PostgreSQL databases are officially
supported, due to lack of advisory locking mechanisms on other
platforms. Using sessions without locks can cause all sorts of
problems, especially with heavy usage of AJAX, and we will not
support such cases. Use <code class="docutils literal notranslate"><span class="pre">session_write_close()</span></code> after you’ve
done processing session data if you’re having performance
issues.</p>
</div>
</div>
<div class="section" id="redishandler-driver">
<h3><a class="toc-backref" href="#id18">RedisHandler Driver</a><a class="headerlink" href="#redishandler-driver" title="Permalink to this headline">¶</a></h3>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Since Redis doesn’t have a locking mechanism exposed, locks for
this driver are emulated by a separate value that is kept for up
to 300 seconds.</p>
</div>
<p>Redis is a storage engine typically used for caching and popular because
of its high performance, which is also probably your reason to use the
‘RedisHandler’ session driver.</p>
<p>The downside is that it is not as ubiquitous as relational databases and
requires the <a class="reference external" href="https://github.com/phpredis/phpredis">phpredis</a> PHP
extension to be installed on your system, and that one doesn’t come
bundled with PHP.
Chances are, you’re only be using the RedisHandler driver only if you’re already
both familiar with Redis and using it for other purposes.</p>
<p>Just as with the ‘FileHandler’ and ‘DatabaseHandler’ drivers, you must also configure
the storage location for your sessions via the
<code class="docutils literal notranslate"><span class="pre">$sessionSavePath</span></code> setting.
The format here is a bit different and complicated at the same time. It is
best explained by the <em>phpredis</em> extension’s README file, so we’ll simply
link you to it:</p>
<blockquote>
<div><a class="reference external" href="https://github.com/phpredis/phpredis">https://github.com/phpredis/phpredis</a></div></blockquote>
<div class="admonition warning">
<p class="first admonition-title">Warning</p>
<p class="last">CodeIgniter’s Session library does NOT use the actual ‘redis’
<code class="docutils literal notranslate"><span class="pre">session.save_handler</span></code>. Take note <strong>only</strong> of the path format in
the link above.</p>
</div>
<p>For the most common case however, a simple <code class="docutils literal notranslate"><span class="pre">host:port</span></code> pair should be
sufficient:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="k">public</span> <span class="nv">$sessionDiver</span>    <span class="o">=</span> <span class="s1">&#39;CodeIgniter\Session\Handlers\RedisHandler&#39;</span><span class="p">;</span>
<span class="k">public</span> <span class="nv">$sessionSavePath</span> <span class="o">=</span> <span class="s1">&#39;tcp://localhost:6379&#39;</span><span class="p">;</span>
</pre></div>
</div>
</div>
<div class="section" id="memcachedhandler-driver">
<h3><a class="toc-backref" href="#id19">MemcachedHandler Driver</a><a class="headerlink" href="#memcachedhandler-driver" title="Permalink to this headline">¶</a></h3>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">Since Memcached doesn’t have a locking mechanism exposed, locks
for this driver are emulated by a separate value that is kept for
up to 300 seconds.</p>
</div>
<p>The ‘MemcachedHandler’ driver is very similar to the ‘RedisHandler’ one in all of its
properties, except perhaps for availability, because PHP’s <a class="reference external" href="https://www.php.net/memcached">Memcached</a> extension is distributed via PECL and some
Linux distributions make it available as an easy to install package.</p>
<p>Other than that, and without any intentional bias towards Redis, there’s
not much different to be said about Memcached - it is also a popular
product that is usually used for caching and famed for its speed.</p>
<p>However, it is worth noting that the only guarantee given by Memcached
is that setting value X to expire after Y seconds will result in it being
deleted after Y seconds have passed (but not necessarily that it won’t
expire earlier than that time). This happens very rarely, but should be
considered as it may result in loss of sessions.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">$sessionSavePath</span></code> format is fairly straightforward here,
being just a <code class="docutils literal notranslate"><span class="pre">host:port</span></code> pair:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="k">public</span> <span class="nv">$sessionDriver</span>   <span class="o">=</span> <span class="s1">&#39;CodeIgniter\Session\Handlers\MemcachedHandler&#39;</span><span class="p">;</span>
<span class="k">public</span> <span class="nv">$sessionSavePath</span> <span class="o">=</span> <span class="s1">&#39;localhost:11211&#39;</span><span class="p">;</span>
</pre></div>
</div>
<div class="section" id="id1">
<h4>Bonus Tip<a class="headerlink" href="#id1" title="Permalink to this headline">¶</a></h4>
<p>Multi-server configuration with an optional <em>weight</em> parameter as the
third colon-separated (<code class="docutils literal notranslate"><span class="pre">:weight</span></code>) value is also supported, but we have
to note that we haven’t tested if that is reliable.</p>
<p>If you want to experiment with this feature (on your own risk), simply
separate the multiple server paths with commas:</p>
<div class="highlight-html+php notranslate"><div class="highlight"><pre><span></span><span class="c1">// localhost will be given higher priority (5) here,</span>
<span class="c1">// compared to 192.0.2.1 with a weight of 1.</span>
<span class="k">public</span> <span class="nv">$sessionSavePath</span> <span class="o">=</span> <span class="s1">&#39;localhost:11211:5,192.0.2.1:11211:1&#39;</span><span class="p">;</span>
</pre></div>
</div>
</div>
</div>
</div>
</div>


           </div>
           
          </div>
          <footer>
    <div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
        <a href="throttler.html" class="btn btn-neutral float-right" title="Throttler" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
        <a href="security.html" class="btn btn-neutral float-left" title="Security" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>
        &#169; Copyright 2019-2021 CodeIgniter Foundation.
      <span class="lastupdated">
        Last updated on Feb 01, 2021.
      </span>

    </p>
  </div>
    
    
    
    Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
    
    <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
    
    provided by <a href="https://readthedocs.org">Read the Docs</a>. 

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(false);
      });
  </script>

  
  
    
   

</body>
</html>