(06-23-2017, 02:01 AM)Narf Wrote: Persistent, not permanent. But if there's any security issue with that, it's the "stores sensitive session information" part.
Also, the configuration you're showing is a CI2 one.
Yeah Narf. Actually IĀ upgraded from CI2 to CI3 but somehow missed to change the config file. But I had changed the columns in session table as CI3. Thanks for pointing it out.
Now, I thought storing the session in database will help increasing the application security. How do I achieve RAM cookies as suggested by audit?