Welcome Guest, Not a member yet? Register   Sign In
Session encrypt and about overwrite config expiration
#1

(This post was last modified: 01-01-2016, 05:19 PM by Gianluigi.)

Hi,

I've 2 questions about session.

Config:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'on_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = APPPATH . 'sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;

Considering application folder over the public root (../cgi-bin/application/), so sessions should not be available by navigation.

1. It makes sense to encrypt session values (as user_id, remember_me_token, any other)?

2. If I want use 7200 timeout for general session, there are ways to set sessions with higher expiration time, by overwriting config value using $this->session->set_userdata?

Thank you!
Reply


Messages In This Thread
Session encrypt and about overwrite config expiration - by Gianluigi - 01-01-2016, 05:16 PM



Theme © iAndrew 2016 - Forum software by © MyBB