CodeIgniter Sessions are not real Sessions
#1

n0-0ne
I've been programming PHP applications for a long time now but am new to CodeIgniter (just reading the manual for the first time now to see its capabilities).

And I was quite puzzled to see that the Session library saves all the session data in a cookie.
This is bad practice, since session data should never leave the server and only the session identifier should be saved in a cookie.

I saw there is an option to secure the data using the database, but many users probably won't be aware of the dangers of using this feature without database validation.

This library should be split into a Cookie library (since without a DB all it does is offer advanced cookie capabilities) and a Session library forcing users to enable DB support for it.
A better solution (though more time-costly) would be to integrate the session library to work with PHP's built-in session handler functions, improving them for better flexibility and security, thus eliminating the need for database use and leaving it as an option to harden security on shared servers.
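
The distinction the post draws, as an added example that is not part of the original post and is not CodeIgniter code: design A puts the whole session payload in the cookie, design B keeps the data on the server and sends only a random identifier. The cookie format, the `ServerSessionStore` class and the sample data are constructed for illustration and do not reproduce CodeIgniter's actual cookie layout.

```php
<?php
// Design A: the whole session payload travels in the cookie (constructed format).
function cookie_payload_encode(array $data): string
{
    return base64_encode(json_encode($data));
}

function cookie_payload_decode(string $cookie): array
{
    // Anything that decodes is accepted; there is no server-side record to compare with.
    return json_decode((string) base64_decode($cookie), true) ?? [];
}

// Design B: the cookie carries only a random identifier; the data stays on the server.
final class ServerSessionStore
{
    /** @var array<string, array> stands in for session files or a database table */
    private array $rows = [];

    public function create(array $data): string
    {
        $id = bin2hex(random_bytes(16));   // 128-bit unguessable identifier
        $this->rows[$id] = $data;
        return $id;                        // the only value the client ever receives
    }

    public function load(string $id): ?array
    {
        // Malformed or unknown identifiers yield no session at all.
        if (!preg_match('/^[0-9a-f]{32}$/', $id)) {
            return null;
        }
        return $this->rows[$id] ?? null;
    }
}

$session = ['user_id' => 42, 'role' => 'member'];   // constructed sample data

// Design A: the client holds the data, so an edited copy decodes like the original.
$cookieA = cookie_payload_encode($session);
$edited  = cookie_payload_encode(['user_id' => 42, 'role' => 'admin']);
var_dump(cookie_payload_decode($cookieA)['role'], cookie_payload_decode($edited)['role']);

// Design B: the client holds an opaque token; the role lives in server storage only.
$store   = new ServerSessionStore();
$cookieB = $store->create($session);
var_dump($cookieB, $store->load($cookieB)['role'], $store->load(str_repeat('0', 32)));
```

Run it with the PHP CLI (7.4 or later). A cookie-payload design needs at least a server-keyed MAC over the payload before the server can trust what comes back, and even then the client can still read the contents.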


Messages In This Thread
CodeIgniter Sessions are not real Sessions - by El Forum - 11-30-2009, 03:15 AM