+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11)
+--- Thread: How session works in new versions? (/showthread.php?tid=64622)
How session works in new versions? - mjkhonline - 03-13-2016
Hi.
Security is my issue and i want to know how exactly codeigniter session library works?
Does it store all data (key , value) in user cookie or just save a reference ID ?
Do we need to add any hash for our keys and values?
For example:
If i set_userdata('role', 'user')
Does client could change the value 'user' to 'admin' and get access to admin panel?
Do i need do something like this:
set_userdata(sha1('role'), sha1('user'))
Thanks.
RE: How session works in new versions? - siburny - 03-13-2016
In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies.
More info here: http://www.codeigniter.com/user_guide/installation/upgrade_300.html?highlight=session#step-6-update-your-session-library-usage
RE: How session works in new versions? - mjkhonline - 03-14-2016
(03-13-2016, 07:46 PM)siburny Wrote: In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies.
More info here: http://www.codeigniter.com/user_guide/installation/upgrade_300.html?highlight=session#step-6-update-your-session-library-usage
Oh thank you so much bro
very useful.