How session works in new versions? |
Hi.
Security is my issue and i want to know how exactly codeigniter session library works? Does it store all data (key , value) in user cookie or just save a reference ID ? Do we need to add any hash for our keys and values? For example: If i set_userdata('role', 'user') Does client could change the value 'user' to 'admin' and get access to admin panel? Do i need do something like this: set_userdata(sha1('role'), sha1('user')) Thanks.
In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies.
More info here: http://www.codeigniter.com/user_guide/in...rary-usage
(03-13-2016, 07:46 PM)siburny Wrote: In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies. Oh thank you so much bro very useful. |
Welcome Guest, Not a member yet? Register Sign In |