Security Session, DB and more
#1

Hello,

I've been looking for a simple, robust and secure login.
I've seen some and read about many.

I've a short question about security itself.
Not directly about CI only.

Assumptions:
  • Sessions are stored only on the server
  • The Session-ID is stored on the client in a cookie (js cookies disabled)
  • With https the whole communication is secure
  • With session regeneration (best every call) the session id changes with each call, makes it hard to capture a session
  • I can store the Agent-String and the User-IP in the session and compare them each call.
  • I can store a timeout value in the session. If the next call is past this time I remove the session
  1. Anything I've forgotten?
  2. Why should a DB with session information enhance security?
    Each Session is a file on the webserver
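The checks listed in the post above (per-call ID regeneration, Agent-String and IP comparison, idle timeout), sketched as an added example that is not part of the original post and is not CodeIgniter's session code. `SessionStore`, `handle_request` and the `IDLE_TIMEOUT` value are assumed names and values, and the dict stands in for whatever server-side storage is used.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; assumed value, not from the post


class SessionStore:
    """In-memory stand-in for server-side storage (files or a DB table)."""

    def __init__(self, now=time.time):
        self._sessions = {}  # session ID -> data; the data never reaches the client
        self._now = now      # injectable clock so the timeout can be tested

    def create(self, user, ip, agent):
        """Start a session after a successful login; returns the cookie value."""
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "ip": ip, "agent": agent,
                               "expires": self._now() + IDLE_TIMEOUT}
        return sid

    def handle_request(self, sid, ip, agent):
        """Validate one request. Returns (new_sid, user), or None if rejected."""
        # pop(): every ID is single-use, so a captured old ID cannot be replayed
        data = self._sessions.pop(sid, None)
        if data is None:
            return None  # unknown, already rotated, or destroyed
        if self._now() > data["expires"]:
            return None  # idle timeout passed; session stays removed
        if data["ip"] != ip or data["agent"] != agent:
            return None  # client fingerprint changed; session stays removed
        # Regenerate on every call and slide the timeout forward
        data["expires"] = self._now() + IDLE_TIMEOUT
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid, data["user"]


if __name__ == "__main__":
    # Constructed sample values (documentation IP range, made-up agent string)
    store = SessionStore()
    first = store.create("alice", "203.0.113.5", "ExampleBrowser/1.0")
    second, user = store.handle_request(first, "203.0.113.5", "ExampleBrowser/1.0")
    print("rotated:", first != second, "user:", user)
    print("replay of old ID:", store.handle_request(first, "203.0.113.5", "ExampleBrowser/1.0"))
```

Because every ID is single-use here, two concurrent requests carrying the same cookie race and the second one is rejected. The checks themselves do not depend on where the session data is kept.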