Hi jreklund,
Again, I know what can be done from a manual point of view I am talking about CI's functionality and more importantly the documentation...
As per my last post the docs clearly say:
"You may also use the stop() method to completely kill the session by removing the old session_id, destroying all data, and destroying the cookie that contained the session id:"
My concern is if this doesn't actually happen it is not only misleading but could also be a security risk if session data unknowingly lives on...
You said:
"stop() implements the functionality that the above function lacks unset the session cookie."
yet the CI docs say otherwise...
So I am asking partly to know the answer and partly to help out, e.g. is this a bug in the code e.g. it's not calling "destroy" as part of the function, or, are the docs incorrect? either way I feel it needs addressing as it could be a nasty security concern...
