[eluser]WanWizard[/eluser]
CodeIgniters cookies are encrypted, so tampering with them is not going to be easy. The cookie contains the users IP and User agent, which is checked as well, to protect against session hijacking.
If the browser has cookies disabled, you're in trouble. But who has these days? Most websites don't work without cookies.
The only solution for that is to pass the session id in the URL, which is what I assume you refer to when you talk about native sessions. Which means the session ID is visible for anyone, unless you encrypt that as well. You still have your IP and User Agent check.
It shouldn't be to difficult to modify the session library to use a session id from the URI instead of using the cookie.
