CodeIgniter sessions vs PHP sessions

Question

I\'m relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP\'s $_SESSION variable to this

Answer 1

I know this is an older post, but I feel it is worth sharing what I have found.

Since CI uses a cookie based approach ( even with database storage ) it causes a problem for my particular app which serves data to remote clients requesting data through curl. The bottom line is Cookies and Cross Site Scripting, although manageable, do not play well together.

I chose to try to override the native Session.php class provided by CI with my own MY_Session.php. I was happy to find this wasn't too difficult, but was surprised to find that CI was regenerating session id even though my script explicitly provided them.

According to the CI manual

The user's unique Session ID (this is a statistically random string with very strong entropy, hashed with MD5 for portability, and regenerated (by default) every five minutes)

Although I can probably find a way to override this, I am wondering if it wouldn't be much easier to revert back to PHP sessions.

Just food for thought if you're going to use CI.