how does session data manipulation work with cookies?
#2

WanWizard
CI can encrypt the cookie payload by setting $this->session->sess_encrypt_cookie to TRUE (or in the config).

Unfortunately, up until the latest release (2.1.0), the default is FALSE, which will open your app to this vulnerability.

IMHO it should be TRUE by default to avoid beginners making errors like this, if you insist on using cookie-only sessions (which ideally you should avoid; don't send session data to the client).
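
The settings discussed in this reply, as an added example that is not part of the original post or of CodeIgniter's shipped configuration. It assumes a CodeIgniter 2.x application config; the key value is a placeholder and the table name is the framework's conventional one.

```php
<?php
// CodeIgniter 2.x application config -- added example, not from the thread.

// The Session library requires an encryption key; it is also the key used
// when cookie encryption is switched on. Placeholder value: generate your own
// random key and keep it out of version control.
$config['encryption_key'] = 'REPLACE_WITH_A_RANDOM_32_CHARACTER_KEY';

// Weak (the default the post describes, up to 2.1.0): the session payload
// travels to the browser unencrypted.
// $config['sess_encrypt_cookie'] = FALSE;

// Hardened: encrypt the cookie payload, as the post recommends for
// cookie-only sessions.
$config['sess_encrypt_cookie'] = TRUE;

// Preferred, per the post's closing advice: keep session data on the server.
// With database sessions, custom session data is stored in the table below
// instead of being sent to the client.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions'; // table must exist beforehand
```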

