[eluser]riwakawd[/eluser]
[quote author="Tim Brownlaw" date="1398398615"]To answer your question... No, they are not!
They have different names and only the session_id is generated by the system... Token is something you've come up with and need to set / define!
Not sure why you'd be passing the session_id via the URL as a GET! But that's another story!
Quick test. When in doubt - Take a look!
Code:
// Check out the individual session vars I am interested in looking at
echo '<br>';
echo "This is the Session_id ";
echo $this->session->userdata('session_id');
echo '<br>';
echo 'This is the Token';
echo $this->session->userdata('token');
echo '<br>';
//or show the whole lot
var_dump($this->session->all_userdata());
To find the answers to questions like these, you need to be able to see (inspect) what it is you are looking at!
[/quote]
I have the sessions enabled but no token show up when echoed it. Just found video on CSRF which will watch.