CodeIgniter is one of the leading PHP Frameworks and we use it since years for custom developments. Its Syntax is easy to learn and building applications couldn't be easier.

We make heavy use of Subversion and the goal is to deploy the Code easily to various Test- or Live-Servers as well as Update CodeIgniter by copying the new Version (Zip-File) over the existing install without making manual changes.

Unfortunately this isn't possible out-of-the-box because

  • Config Files would be overwritten on every Update to a new CodeIgniter Version (with the Files within the install package)
  • Config Files on the Test-/Client Servers would be overwritten by the ones from our Subversion
  • Core Hacks have to be done on every Update of SubVersion

Lets begin with avoiding hacking Core Files

On a classical install, the Documentation says we have to change the index.php File in the Root Directory and set the ENVIRONMENT constant do either "development", "testing" or "production". There are some discussions out there with Developers of CodeIgniter if that File is a so called Core File or not. We (and most of the people on that threads) mean that this is one of the important Core Files and shouldn't be changed by users.

Solution: as this constant is used just in that one File, we leave the default value "development" and don't use it anymore.

Config Files would be overwritten on Updates

All Files in the /application/config/ directory would be overwritten on Updates.

Solution: create a directory called "development" under the "/application/config/" directory. CodeIgniter first checks if there are Files and if not it uses the Standard directory.

By adding this Skeleton to one of those Files (i.e. config.php) the first php-include includes the original lines of the Config File  (for the Case we get new Lines in Config-Files after Updates). Then override some or all Lines with our own.

<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

# required for native session management


$config['index_page'] = '';
$config['language'] = 'dummy';
$config['sess_encrypt_cookie'] = TRUE;
$config['compress_output'] = TRUE;


The last PHP-Include loads an additional Config File from the "/_custom/config" Folder with the same name (config.php). That way we could deploy the whole Source-Code to Customers Servers without overwrite their Configurations with ours. On Developers PCs we have our own Config Files in /_custom/ Folders.

That way we can override all config files with our own (but not the contents of constants.php because on standard-installs it is not possible to override constants.

Use our own Session Handling

As you can see we putted session_start() to that File. This is because we don't want to make use of CodeIgniter's internal Session Handling because all Session Values are stored in a User's Cookie and this could be forged (yes i know, it is encrypted but we mean the contents of Sessions shouldn't be sent to or from the user).

Therefore we use the global Session Variable $_SESSION when we need it.