Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Libraries & Helpers DELETE
DELETE
  • El Forum
    Unregistered
  •  
#4
06-05-2011, 12:07 PM

[eluser]WanWizard[/eluser]
You seem to forget that EVERY session solution, including PHP sessions, create a cookie to track it.

With CI's session library, the cookie contains extra security measures, and it is encrypted so the session id can not be stolen. With PHP's sessions, there's a cookie with a single value: the unencrypted session id.
In all the years I've been reading about so called issues with CI's session class, it's more often then not about a user error when configuring the library. People using 'native' solutions are just lucky that most php.ini files contain a set of defaults that often work.

I don't mind you using this, it's up to you. I do mind you telling other potential users it is secure, when it isn't.


Messages In This Thread
DELETE - by El Forum - 06-05-2011, 09:00 AM
DELETE - by El Forum - 06-05-2011, 10:48 AM
DELETE - by El Forum - 06-05-2011, 11:18 AM
DELETE - by El Forum - 06-05-2011, 12:07 PM
DELETE - by El Forum - 06-05-2011, 12:20 PM
DELETE - by El Forum - 06-05-2011, 12:38 PM
DELETE - by El Forum - 06-05-2011, 12:49 PM
DELETE - by El Forum - 06-05-2011, 01:01 PM
DELETE - by El Forum - 06-06-2011, 05:21 AM
DELETE - by El Forum - 06-06-2011, 06:16 PM
DELETE - by El Forum - 06-06-2011, 11:23 PM
DELETE - by El Forum - 06-07-2011, 06:51 AM
DELETE - by El Forum - 06-07-2011, 09:16 AM



Theme © iAndrew 2016 - Forum software by © MyBB