Session Fixation and CodeIgniter Session Library - Printable Version

Thread: Session Fixation and CodeIgniter Session Library (/showthread.php?tid=53834)
Session Fixation and CodeIgniter Session Library - El Forum - 08-10-2012

[eluser]searain[/eluser]
Is the CodeIgniter Session Library already set up against Session Fixation? If not, what are my options? If yes, do I need to do some setup?

Session Fixation and CodeIgniter Session Library - El Forum - 08-11-2012

[eluser]WanWizard[/eluser]
Yes, it will rotate the session id; the interval is configurable in the config.

Session Fixation and CodeIgniter Session Library - El Forum - 08-11-2012

[eluser]searain[/eluser]

```php
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 900;
$config['sess_expire_on_close'] = TRUE;
$config['sess_encrypt_cookie'] = TRUE;
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
```

Thanks. Is `$config['sess_time_to_update'] = 300;` the setting for the interval for rotating the session id? For a site that requires high security, what value should I set? Thanks!

Session Fixation and CodeIgniter Session Library - El Forum - 04-29-2013

[eluser]Unknown[/eluser]
Rotating the session id based on time is a poor session fixation countermeasure. Must implement a regenerate session_id method in the Session class.
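An added example, not part of the thread and not CodeIgniter's own code: a constructed PHP model of a session store that contrasts interval-based id rotation (using the 300-second `sess_time_to_update` value from the config posted above) with regenerating the id at login. `ModelSessionStore` and its method names are hypothetical, and timestamps are plain integers so the run is deterministic.

```php
<?php
// Constructed model for illustration; not CodeIgniter's Session class. All names are hypothetical.
final class ModelSessionStore
{
    private $rows = [];      // session id => ['last_activity' => int, 'user' => ?string]
    private $timeToUpdate;   // seconds; plays the role of sess_time_to_update

    public function __construct(int $timeToUpdate) { $this->timeToUpdate = $timeToUpdate; }

    public function create(int $now): string
    {
        $id = bin2hex(random_bytes(16));
        $this->rows[$id] = ['last_activity' => $now, 'user' => null];
        return $id;
    }
    // Per-request handling: the id changes only once the interval has elapsed.
    public function touch(string $id, int $now): ?string
    {
        if (!isset($this->rows[$id])) { return null; }
        if ($this->rows[$id]['last_activity'] + $this->timeToUpdate >= $now) { return $id; }
        return $this->regenerate($id, $now);
    }
    // Move the session data to a fresh id and invalidate the old one.
    public function regenerate(string $id, int $now): string
    {
        $row = $this->rows[$id];
        unset($this->rows[$id]);
        $row['last_activity'] = $now;
        $new = bin2hex(random_bytes(16));
        $this->rows[$new] = $row;
        return $new;
    }
    // Privilege change: optionally issue a fresh id before binding the user.
    public function login(string $id, string $user, int $now, bool $regenerate): string
    {
        if ($regenerate) { $id = $this->regenerate($id, $now); }
        $this->rows[$id]['user'] = $user;
        return $id;
    }
    public function userFor(string $id): ?string { return $this->rows[$id]['user'] ?? null; }
}

// Scenario: an id issued at t=0 is known to someone else; the user logs in at t=60,
// well inside the 300-second rotation interval.
foreach ([false, true] as $regenerate) {
    $store = new ModelSessionStore(300);
    $preLoginId = $store->create(0);
    $current = $store->touch($preLoginId, 60);
    $store->login($current, 'alice', 60, $regenerate);
    printf("regenerate at login: %-3s | pre-login id maps to: %s\n",
        $regenerate ? 'yes' : 'no', $store->userFor($preLoginId) ?? '(no session)');
}
```

With rotation by interval only, the id issued before login still resolves to the authenticated user; when the id is regenerated at login, the pre-login id no longer resolves to any session.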