CodeIgniter Forums
Should I implement IC sessions in my application? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Should I implement IC sessions in my application? (/showthread.php?tid=5247)



Should I implement IC sessions in my application? - El Forum - 01-13-2008

[eluser]Unknown[/eluser]
I have a question folks!

Iam building an application in CI with login for members. I have looked at bamboo invoice & FreakAuth...they all look pretty good.

Now, as an expert will you advise me to use the session implementation in CI?
Is it save from session hijacking?
If so, is there a better way to implement something more secure and how?
Or should I just trust the CI session thing and get on with it...


Thanks in advance for your help.


Should I implement IC sessions in my application? - El Forum - 01-13-2008

[eluser]tonanbarbarian[/eluser]
Currently the CI session handler stores all of the information in a cookie. Techincally if you do not use encrypted cookies it is possible to view the information in the session by looking at the data in the cookie.

For security you are better of using DB_Session or one of the other 3rd party session libraries that stores the session data in the database or similar.