Ok , i just have doubt and need suggestions for this.I have multistep form.What i am doing now that i am saving step-1 and step-2 data in session and in the last when user clicks on register all data saved in sessions will passed to database and inserted there.Now i want to ask is this wrong.When i user is registered tmp files are generated in tmp folder containing user data yeah this is not good thing to do causes security issues.So is there any way i can delete these data after user is registered or any other path which does not causes security issues.


2 Years
Discussion Span
Last Post by cereal


with pure PHP you can change the path in which session files are stored, see save_path:


Create a directory in a parent of public_html, so that is not reachable by a browser and other users in the server. In alternative you can store sessions in database, doing this in pure PHP requires that you write a session handler:

CodeIgniter has is own session handler so that you can save to database easily, look at session drivers:

In addition they support session temp data, so that you can mark a session for a specific expire time:

If you are concerned about database performance, then use the files driver and change the path by using $config['sess_save_path'] in the CI config file and for specific sessions use tempdata (last link). Note you have to set the path from CI because of:

[CodeIgniter] doesn’t support PHP’s directory level and mode formats used in session.save_path, and it has most of the options hard-coded for safety. Instead, only absolute paths are supported for $config['sess_save_path'].

From: https://codeigniter.com/user_guide/libraries/sessions.html#files-driver

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.