What's last situation with the CI Session Class?
#7

[eluser]BufferOverflow[/eluser]
[quote author="WanWizard" date="1300462830"]The wiki (content) is a major problem in itself. Nobody moderates and maintains it.
This specific page might have been true a long time ago (like CI 1.6 or earlier).

As for the named weaknesses:
- user data doesn't have to be stored client-side (it is by default so no database is required by default)
- the session cookie is encrypted, contains additional checks on IP and user agent (if enabled), and provides session id rotation (default every 5 minutes)
- see my first bullet

For PHP's own session management:
- it adds HTTP headers that might conflict
- it only uses a session_id
- the session id is not encrypted
- you have to manually deal with session fixation and session hijacking
- session data is stored in files, by default in a shared location on the server

As with everything you use, proper configuration, and knowing the restrictions of your environment, are important.

For example, there are still lots of people using 'localhost' to define the cookie_domain. According to the RFC, this is an illegal hostname, and more and more browsers will reject the cookie if you use this.[/quote]

Thanks for the clarifications and advice. But it says 1.7.2. It means it was not a long time ago. We need to delete these entries. Otherwise someone like me could be caught and waste their time.
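
The session options discussed in the quoted reply, shown as a configuration fragment. This is an added example, not part of the thread; it assumes the CodeIgniter 1.7.x/2.x key names in application/config/config.php, and every value (key, domain, table name) is a constructed placeholder.

```php
<?php
// Added example: session-related settings in application/config/config.php.
// Values are placeholders constructed for illustration.

// Required once cookie encryption is switched on; use a long random value.
$config['encryption_key'] = 'REPLACE_WITH_LONG_RANDOM_KEY';

$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration']  = 7200;   // session lifetime in seconds

// Keep user data server-side instead of in the cookie. The session table
// must be created first; the cookie then carries only the session
// identifier and the values used for the checks below.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions';

// Encrypt the cookie contents with encryption_key.
$config['sess_encrypt_cookie'] = TRUE;

// Extra checks on each request. Matching on IP ends the session for users
// whose address changes mid-session (mobile networks, rotating proxies),
// so enable it only where that is acceptable.
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent'] = TRUE;

// Rotate the session id every 300 seconds (5 minutes).
$config['sess_time_to_update'] = 300;

// Use a real domain for the cookie, not 'localhost'.
$config['cookie_domain'] = '.example.com';
$config['cookie_path']   = '/';
```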

