[Urgent] Yii CDbHttpSession vs CHttpSession Issues

Hello guys, I need some suggestions about which class I should use between CDbHttpSession and CHttpSession.

We are building an e-commerce site with the Yii framework.

Customer security issues are the most critical thing we need to consider.

After separating my client application on Server A from the MySQL storage on Server B, I then had some issues when using the session component:

  • Using CDbHttpSession,

When I call

Yii::app()->user->hasState('orderDetails') => returns false.

When I call this again or even a third time, it does pass. Yii::app()->user->hasState('orderDetails') => finally returns true.

I am guessing that it is caused by the communication with Server B? Delay? Timeout?

  • Using CHttpSession,

The problem described above doesn't arise. The customer goes through the payment page and is redirected to a 3rd party site (of the bank). When the customer returns less than 1 minute later, the user gets disconnected. What's more embarrassing is that it doesn't happen every time, just 1/3 of the time.

So I decided to create a local session database for server A using CDbHttpSession. I have a feeling this could be dangerous, such as if our server A is hacked, the session variable could be hacked too, and all the information could be hacked.

So, I am hoping to find some solutions for these issues, and also suggestions regarding security on this matter.

Thanks a lot.