The CI session library will get you up and going very quickly, giving you greater flexibility than native sessions. Keep in mind, though, that the CI_Session class is pretty paranoid; you might get some unexpected session expiration, particularly with AJAX-heavy applications.

I recommend going with CI sessions, with the following caveats:

1. Don't autoload the session class, as you'll probably want to ignore session renewal in some instances.
2. As best you can, avoid the session class for AJAX requests (if you absolutely need it, you'll need to overhaul the sess_update() function to prevent unexpected expirations)
3. You shouldn't be loading images dynamically through CI, but there are cases where it's needed. The same issues apply here as with AJAX requests.

Additionally, you'll need to store sessions in a table if you risk needing more storage than cookies allow (4KB, I think; you'll use it up even faster with encryption). Might as well go with a database and be done with it.

You can also have the best of both by using the native session extended library.

To quote:

Benefits over CI_Session * hardened against session fixation by cookie id TTL (time to live) - regenerates cookie id automatically every given amount of time (right now configured inside the class) - see Note about making it setable. * you can use all available PHP session storage drivers (database, memcache, etc.) * “flash” session attributes (see: “Flash” attributes)

Benefits over PHPsession * compatible with CI_Session - the same way of use, just load the library, set_userdata(), userdata() - easy to migrate existing apps to Native_session - need docs - use the CI manual :) * better security (automatic and manual session id regeneration)

PHPsession introduces concept of session namespace, which IMHO encourages you to use large number of the the session vars. I prefer to limit the use of sessions as much as possible (because of the potential scalability problems), so the Native_session won’t implement session namespaces.

I would go for native PHP Session because I believe there's a problem with the latter.

What if the user's browser have cookies disabled? Although Browsers with cookies disabled aren’t getting far on the internet these days… But still, there are people having their cookies disabled so CI sessioncookies in not a very good candidate...

So how can we use $_SESSION[] in codeigniter? Try this:

Since the pages in mvc are triggered by the controller, we could do this

public function __construct(){
    self::$instance =& $this;
    foreach (is_loaded() as $var => $class) {
        $this->$var =& load_class($class);
    }

    $this->load =& load_class('Loader', 'core');

    $this->load->initialize();

    log_message('debug', "Controller Class Initialized");
    session_start();
}

to the CI_Controller class on system/core/Controller.php