我在CI的经验中遇到一些异常，日常需要的图书馆是好的，容易使用。正如已经指出的，Flashdata是一个非常好的功能。

如果你选择留在CI的会话，我强烈建议在数据库中存储会话，另外，加密cookie：

  $ config ['sess_encrypt_cookie'] = TRUE; 
 $ config ['sess_use_database'] = TRUE; 
 $ config ['sess_table_name'] ='sessions'; 
 

数据库结构应如下所示：

  CREATE TABLE IF NOT EXISTS`session`（
 session_id varchar（40）DEFAULT'0'NOT NULL，
 ip_address varchar（16）DEFAULT'0'NOT NULL，
 user_agent varchar（50）NOT NULL，
 last_activity int（10）unsigned DEFAULT 0 NOT NULL，
 user_data text NOT NULL，
 PRIMARY KEY（session_id）
）; 
 

I'm relatively new to CodeIgniter and am making my first CI project in which there are user-accounts, etc. In the past, I have always used PHP's $_SESSION variable to this end. However, CI seems to have its own session mechanism, which it claims is "better"

CI's session mechanism seems to store all the data in a cookie? Personally I like the idea of all the data being stored on the server, accessed with a cookie-key like PHPs native session mechanism... Am I being dumb thinking that's better? Should I just accept CI's mechanism? Or should I go ahead and use native PHP sessions?

What do you guys do?

Thanks,
Mala

In my experience with CI I've encountered some anomalies with its sessions, but for most day-to-day needs the library is good and easy to work with. As it was pointed out, Flashdata is a very nice feature.

If you choose to stay with CI's sessions, I'd strongly suggest to store sessions in a database and, additionally, encrypt cookies:

$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database']   = TRUE;
$config['sess_table_name']     = 'sessions';

The database structure should be as follows:

CREATE TABLE IF NOT EXISTS  `sessions` (
    session_id varchar(40) DEFAULT '0' NOT NULL,
    ip_address varchar(16) DEFAULT '0' NOT NULL,
    user_agent varchar(50) NOT NULL,
    last_activity int(10) unsigned DEFAULT 0 NOT NULL,
    user_data text NOT NULL,
    PRIMARY KEY (session_id)
);