anmol.raghuvanshi1

Ok, I just have a doubt and need suggestions for this. I have a multistep form. What I am doing now is saving step-1 and step-2 data in the session, and at the end, when the user clicks on register, all data saved in the session is passed to the database and inserted there. Now I want to ask: is this wrong? When a user is registered, tmp files are generated in the tmp folder containing user data; yeah, this is not a good thing to do, it causes security issues. So is there any way I can delete this data after the user is registered, or any other path which does not cause security issues?

Framework: CodeIgniter

Hi,

with pure PHP you can change the path in which session files are stored, see save_path:

http://php.net/manual/en/session.configuration.php#ini.session.save-path

Create a directory in a parent of public_html, so that it is not reachable by a browser and other users in the server. Alternatively, you can store sessions in the database; doing this in pure PHP requires that you write a session handler:

CodeIgniter has its own session handler so that you can save to the database easily, look at session drivers:

In addition they support session temp data, so that you can mark a session for a specific expire time:

If you are concerned about database performance, then use the files driver and change the path by using $config['sess_save_path'] in the CI config file and for specific sessions use tempdata (last link). Note you have to set the path from CI because of:

[CodeIgniter] doesn’t support PHP’s directory level and mode formats used in session.save_path, and it has most of the options hard-coded for safety. Instead, only absolute paths are supported for $config['sess_save_path'].

From: https://codeigniter.com/user_guide/libraries/sessions.html#files-driver
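An added example, not part of the reply above and not CodeIgniter's own code: a multistep registration controller that keeps step data as tempdata in a private files-driver path and removes it as soon as the row is inserted. It assumes CodeIgniter 3; the controller name, form fields, `users` table, TTL and save path are hypothetical.

```php
<?php
// application/config/config.php (CodeIgniter 3), shown here as comments:
//   $config['sess_driver']    = 'files';
//   $config['sess_save_path'] = '/home/example/ci_sessions';
//   (constructed path: absolute, outside public_html, directory mode 0700)
defined('BASEPATH') OR exit('No direct script access allowed');

class Register extends CI_Controller
{
    const STEP_TTL = 900; // seconds step data may live in the session (assumed value)

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->database();
    }

    public function step1()
    {
        // Hypothetical field names; store only what the final insert needs.
        $data = array(
            'name'  => $this->input->post('name', TRUE),
            'email' => $this->input->post('email', TRUE),
        );
        $this->session->set_tempdata('reg_step1', $data, self::STEP_TTL);
    }

    public function step2()
    {
        // Hash the password before it can reach the session file on disk.
        $hash = password_hash($this->input->post('password'), PASSWORD_DEFAULT);
        $this->session->set_tempdata('reg_step2', array('password_hash' => $hash), self::STEP_TTL);
    }

    public function finish()
    {
        $step1 = $this->session->tempdata('reg_step1');
        $step2 = $this->session->tempdata('reg_step2');
        if ($step1 === NULL || $step2 === NULL) {
            show_error('Registration data expired, please start again.', 400);
        }
        $this->db->insert('users', array_merge($step1, $step2)); // hypothetical table
        // Delete the step data now rather than waiting for expiry or garbage collection.
        $this->session->unset_userdata(array('reg_step1', 'reg_step2'));
        $this->session->sess_regenerate(TRUE); // new session ID, old session file destroyed
    }
}
```

`unset_userdata()` is used for the cleanup because it deletes the values, whereas `unset_tempdata()` only removes the tempdata marker.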
