
OK, I just have a doubt and need suggestions for this. I have a multistep form. What I am doing now is saving the step-1 and step-2 data in the session, and at the end, when the user clicks on register, all the data saved in the session is passed to the database and inserted there. Now I want to ask: is this wrong? When a user is registered, tmp files are generated in the tmp folder containing user data. Yeah, this is not a good thing to do; it causes security issues. So is there any way I can delete this data after the user is registered, or any other path which does not cause security issues?



With pure PHP you can change the path in which session files are stored, see save_path:

Create a directory in a parent of public_html, so that it is not reachable by a browser or by other users on the server. Alternatively, you can store sessions in a database; doing this in pure PHP requires that you write a session handler:

CodeIgniter has its own session handler so that you can save to a database easily, look at session drivers:

In addition, they support session temp data, so that you can mark a session for a specific expiry time:

If you are concerned about database performance, then use the files driver and change the path by using $config['sess_save_path'] in the CI config file, and for specific sessions use tempdata (last link). Note that you have to set the path from CI because of:

[CodeIgniter] doesn’t support PHP’s directory level and mode formats used in session.save_path, and it has most of the options hard-coded for safety. Instead, only absolute paths are supported for $config['sess_save_path'].
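
The pure PHP approach from the reply above, as an added example that is not part of the original thread: session files go to a private directory outside the web root, and the registration data is removed together with the session file once the database insert is done. The directory path, the function names and the `$insertUser` callback are assumptions made for illustration, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Assumed layout: /home/example/public_html is the web root, so the session
// directory below sits beside it and cannot be requested by a browser.
const SESSION_DIR = '/home/example/private/sessions';

function start_private_session(string $dir = SESSION_DIR): void
{
    // 0700: only the account that runs PHP can list or read the session files.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session directory: $dir");
    }
    chmod($dir, 0700);
    session_save_path($dir);          // must be called before session_start()
    session_start([
        'use_strict_mode' => true,    // reject session IDs the server did not issue
        'cookie_httponly' => true,    // keep the session cookie away from scripts
    ]);
}

// Called on step 1 and step 2: keep the validated fields of that step.
function save_step(int $step, array $fields): void
{
    $_SESSION['registration'][$step] = $fields;
}

// Called on the final step. $insertUser is the caller's own database insert
// (hypothetical here); it receives the merged fields of all stored steps.
function finish_registration(callable $insertUser): void
{
    $steps = array_values($_SESSION['registration'] ?? []);
    $insertUser(array_merge(...$steps));

    // Clear the form data from memory, then delete the session file on disk.
    $_SESSION = [];
    session_destroy();
}

// Usage across the requests of the form (shown as comments):
//   request 1: start_private_session(); save_step(1, $validatedStep1);
//   request 2: start_private_session(); save_step(2, $validatedStep2);
//   request 3: start_private_session(); finish_registration($insertUser);
```

With the default files handler, `session_destroy()` removes the session file, so the step data does not stay on disk after registration. In a CodeIgniter application the path is set through `$config['sess_save_path']` instead, as the reply notes.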