Hello, we use in Ci4 session and cookie for keep Logined Users and other thing which need be protected. I think session already have some protection from http server. But if need keep some info between sessions, we use Cookie which make on client side(Browser) record. And some users can modify this record. For example some sites can just write user_id in Cookie and restore session by it, because this is simple. If we use in .env file - "cookie.secure = true", this will help for above case? I'm try use this param and have many new CodeIgniter sessions in one browser session for every refresh page, and this not usable, maybe it need more configurations from http server or what? Or we need use other way to secure Cookie record, like crypt or something?
