Quote:+ Login sessions are managed via a hashed session token technique as described by Barry Jaspan.
+ The session tokens mentioned above are further secured using CI’s encryption library.
Uh, why? In general, more encryption does not improve security, and often reduces it. Can you explain in more detail what you are doing there and why?