How session works in new versions? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5) +--- Forum: Libraries & Helpers (https://forum.codeigniter.com/forumdisplay.php?fid=11) +--- Thread: How session works in new versions? (/showthread.php?tid=64622) |
How session works in new versions? - mjkhonline - 03-13-2016 Hi. Security is my issue and i want to know how exactly codeigniter session library works? Does it store all data (key , value) in user cookie or just save a reference ID ? Do we need to add any hash for our keys and values? For example: If i set_userdata('role', 'user') Does client could change the value 'user' to 'admin' and get access to admin panel? Do i need do something like this: set_userdata(sha1('role'), sha1('user')) Thanks. RE: How session works in new versions? - siburny - 03-13-2016 In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies. More info here: http://www.codeigniter.com/user_guide/installation/upgrade_300.html?highlight=session#step-6-update-your-session-library-usage RE: How session works in new versions? - mjkhonline - 03-14-2016 (03-13-2016, 07:46 PM)siburny Wrote: In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies. Oh thank you so much bro very useful. |