[Solved] Is Session_ID Same as Token

[eluser]riwakawd[/eluser]
[quote author="Tim Brownlaw" date="1398398615"]To answer your question... No, they are not!

They have different names and only the session_id is generated by the system... Token is something you've come up with and need to set / define!

Not sure why you'd be passing the session_id via the URL as a GET! But that's another story!

Quick test. When in doubt - Take a look!

Code:

// Check out the individual session vars I am interested in looking at
echo '<br>';
echo "This is the Session_id ";
echo $this->session->userdata('session_id');
echo '<br>';
echo 'This is the Token';
echo $this->session->userdata('token');
echo '<br>';
//or show the whole lot
var_dump($this->session->all_userdata());

To find the answers to questions like these, you need to be able to see (inspect) what it is you are looking at!

[/quote]

I have the sessions enabled but no token show up when echoed it. Just found video on CSRF which will watch.