Why is session data stored in cookies when using database option?
#1

Hi guys,

I've searched the Internet for an answer to this question, but there doesn't seem to be one:

When storing sessions in the database, why is the entire session data (including the "user_data" column) still being stored as a cookie?

I can see why you want to store the session ID itself so that you can match up the session ID in the database in order to make sure the session is still valid and really exists.

But why store the entire session data both as a cookie and as a row in the session table in the database?

I presume CI reads the session info from the database when the database option is enabled (??). At least I hope so, otherwise the session data is easy to manipulate.

Thanks guys
Per
#2

When I store sessions in the database, only the encrypted session ID is in the cookie with no other data. Perhaps you have some settings set wrong.
#3

Also, if you change between cookies/database for sessions, be sure to delete the original session cookie which may still contain original data.
#5

Many thanks to both CroNiX and Narf.

It seems this was a known issue and will be fixed in CI 3.
Fixed in #3073.



