Hi guys,
I've searched the Internet for an answer to this question, but there doesn't seem to be one:
When storing sessions in the database, why is the entire session data (including the "user_data" column) still being stored as a cookie?
I can see why you want to store the session ID itself so that you can match up the session ID in the database in order to make sure the session is still valid and really exists.
But why store the entire session data both as a cookie and as a row in the session table in the database?
I presume CI reads the session info from the database when the database option is enabled (??). At least I hope so, otherwise the session data is easy to manipulate.
Thanks guys
Per