Do I need to use sessions in Codeigniter?

Question

Or in PHP in general. I need to check if a user is logged in when accessing a certain page. Tutorials recommend using sessions eg

$sessionData = array('username'=>$username, 'status'=>1);
$this->session->set_userdata($sessionData);

And for better security they recommend using a db table.

What if I just store username and status in a database and then change status to 0 when people log out?

Whenever they need access to a certain page I just check if the status 1.

Answer 1

1. When you call session_start() PHP sets a cookie in the user's browser with a randomly-generated ID.
2. From then on in that file anytime you store a value in $_SESSION will [by default] be stored in a file in session.save_path at the end of the script. This file is identified by the session ID.
3. On subsequent requests the client sends their session ID cookie back to the server, so when you call session_start() in your script PHP can go and retrieve that session file and restore the contents to $_SESSION .

Literally anything you will write will simply be re-implementing this already-written behaviour, but without the added layers of security contributed over the years to the PHP project.