Multidimensional arrays in session lib

[eluser]orokusaki[/eluser]
The session array is not stored in the database. The documentation is a bit misleading. Only the ID, User Agent, TimeStamp, and IP Address are stored in the database. You still only have 4KB of space (due to cookies) to store data, which equates to about 2.5KB if you use encryption.

That said, the sessions are secure if you set encrypt_coo.... to TRUE. Adding the database makes them even more secure because the session_id is checked against the DB session_id, and the User Agent is checked. This prevents session fixation, and hijacking. I'm not recommending anything, because I could be wrong, but if you set the encryption keyword in your config to something only you know, this "salt" makes the cookie data so secure that nobody could possibly find out what it means, even if they had multiple values (because the encryption is true - not just algorithmic), so in essence you could store a CC# (Don't though).