My sessions are working fine, I have a complex custom user permissions system using TankAuth. I started this project as a small one, it has turned into something monstrous. Most of the data is fetched async via javascript frontend. Its basically an API now, with some exceptions.
My question is in regards to sessions. I understand that CI 3 (or later version somewhere) changed the session library to allow multiple ajax calls not to block each other. I have noticed that whilst running multiple ajax requests my application fetches results all together after a delayed time. I'm convinced this is due to blocking of sessions but i am wary to attempt a fix due to security concerns.
How do i stop ajax calls from session blocking each other without risking security?
First off, I believe you're using the word "block" for two different things ...
Here:
I understand that CI 3 (or later version somewhere) changed the session library to allow multiple ajax calls not to block each other.
And here:
I have noticed that whilst running multiple ajax requests my application fetches all together after a delayed time. I'm convinced this is due to blocking of sessions
CodeIgniter 3 didn't just change the Session library - it replaced it with a completely new one, and one of the reasons why was for multiple requests not to interfere with each other (the first quote).
However, the way to achieve that is to use locking (or what you call "blocking" in the second quote and in your question). And you can't avoid this.
What you can do, is call session_write_close() in your requests as soon as they no longer need to modify the $_SESSION array - that will free the lock and close the session for the current request, but still preserving $_SESSION contents for reading.