CodeIgniter Forums
how safe is $this->session ? - Printable Version



how safe is $this->session ? - El Forum - 07-14-2007

[eluser]Doosje[/eluser]
I'm seeing a lot of people using the internal session library where they store if a user is authenticated (and they didn't talk about sessions in the db).
But if I'm storing something like "auth=1" in there
and after that I do a 'var_dump($_SESSION)' I see the 'auth=1' serialized.
I would say that session is a cookie and can be easily tampered with..
Or am I wrong...


how safe is $this->session ? - El Forum - 07-14-2007

[eluser]Mirage[/eluser]
Basically you're right.

You can make it more secure by using the encryption functionality. Still doesn't make it impossible to hack, but it's a lot harder. Also, just because something is 'auth' you don't need to call it that. :-) Neither do you need to set it to 1. Encrypted or not - obfuscation and misdirection is a valid weapon too.

Finally, check out the PHPSession and other libraries that are out there to work with PHP Session object instead.

Cheers!
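
The tampering concern raised in this thread, as an added example in plain PHP (not part of the original posts and not CodeIgniter's session code): a serialized session array kept in a cookie is accepted after a client-side edit unless the server checks an integrity tag. The HMAC check, the function names and the key are assumptions for illustration; the thread itself only mentions the library's encryption option and the server-side Native_session and DB_Session libraries.

```php
<?php
// Added example: plain PHP, not CodeIgniter's session library.
// SECRET is a constructed placeholder; load a real key from server-side config.
const SECRET = 'constructed-demo-key-change-me';

// Unsigned cookie: the server trusts whatever serialized array comes back.
function pack_plain(array $data): string {
    return serialize($data);
}
function unpack_plain(string $cookie) {
    return unserialize($cookie, ['allowed_classes' => false]);
}

// Signed cookie: payload plus an HMAC-SHA256 tag computed over that payload.
function pack_signed(array $data): string {
    $payload = base64_encode(serialize($data));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}
function unpack_signed(string $cookie) {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return false;
    }
    [$payload, $tag] = $parts;
    // Verify before deserializing; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET), $tag)) {
        return false;
    }
    $raw = base64_decode($payload, true);
    return $raw === false ? false : unserialize($raw, ['allowed_classes' => false]);
}

// Constructed scenario: the server issued auth=0 and the cookie value is edited.
$issued = ['user' => 'guest', 'auth' => 0];

$plain = pack_plain($issued);
$edited_plain = str_replace('"auth";i:0', '"auth";i:1', $plain);
var_dump(unpack_plain($edited_plain)['auth']);          // edited value is accepted

$signed = pack_signed($issued);
[$payload, $tag] = explode('.', $signed, 2);
$edited = base64_encode(str_replace('"auth";i:0', '"auth";i:1', base64_decode($payload)));
var_dump(unpack_signed($edited . '.' . $tag));          // tag no longer matches
var_dump(unpack_signed($signed)['auth']);               // untouched cookie verifies
```

A signed cookie is still readable by the client; keeping the data server-side, as the DB-backed libraries mentioned in this thread do, leaves only an identifier in the cookie.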


how safe is $this->session ? - El Forum - 07-15-2007

[eluser]Doosje[/eluser]
I'll head over to http://codeigniter.com/wiki/Native_session/
Thanks... though I should mention it better in the documentation...


how safe is $this->session ? - El Forum - 07-15-2007

[eluser]Al James[/eluser]
You could also check out my personal choice: DB_Session

http://codeigniter.com/wiki/DB_Session/

It's basically the same as Native_Session, but it stores everything in the DB. I would say that's better if you ever plan to roll out to a DB cluster.


how safe is $this->session ? - El Forum - 07-15-2007

[eluser]Doosje[/eluser]
I'll take a dive into it..
Thanks.. it's probably what I need.


how safe is $this->session ? - El Forum - 07-15-2007

[eluser]WeeJames[/eluser]
I give another vote for db_session.