The session library based on cookie? Is it safe enough?
#1

[eluser]RING[/eluser]
Is the session library ($this->session->userdata('someKey')) based on cookies?

As we know, a hacker could DIY a cookie~ so ....

Is it safe enough?

As safe as the traditional session $_SESSION['someKey']?
#2

[eluser]darkhouse[/eluser]
I think you're better off using database sessions (which they fixed in v1.7.0 I believe) so it just sets a cookie for the session id, and that gets regenerated every so often, it would be extremely difficult for someone to guess the right cookie id of an existing session.

Just to clarify, $_SESSION works no different, it can store data in a cookie or files, but it still needs to send an id from page to page, either by a cookie or a GET variable. I think using database sessions is safer than regular old sessions.
#3

[eluser]TheFuzzy0ne[/eluser]
If your cookie is encrypted, it should be just as secure as putting it in your database.

Using a database is an even better idea, however. It can make your application faster, as the user is sending less data to you on each request, and you are sending less data back to the user. Also, I think you can store more data in the database column than you can in a cookie.
#4

[eluser]RING[/eluser]
Thank you ~ next time I will save it in my database....
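The concern raised in this thread, that a client can hand-edit a cookie that carries session data, shown as an added example that is not from any of the posters and is not CodeIgniter's own code: the cookie payload is tagged with an HMAC so the server can detect edits. The names `seal_session`, `open_session` and `COOKIE_KEY` and the sample data are constructed for illustration; signing only detects tampering and does not hide the data, whereas database sessions keep the data server-side and send only the session id.

```php
<?php
// Added example. Function names, key and session fields are hypothetical.

// Placeholder secret; in practice a long random value kept out of source control.
const COOKIE_KEY = 'replace-with-a-long-random-secret';

// Encode the session data and append an HMAC-SHA256 tag computed with the server key.
function seal_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the session array, or null when the cookie is malformed or was modified.
function open_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;

    // Recompute the tag and compare in constant time before trusting the payload.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }

    $json = base64_decode($payload, true);
    $data = ($json === false) ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed demo: a cookie issued by the server, read back unchanged.
$cookie = seal_session(['user_id' => 42, 'is_admin' => false], COOKIE_KEY);
var_dump(open_session($cookie, COOKIE_KEY));

// Constructed demo: the client rewrites the payload but can only reuse the old tag,
// because computing a matching tag requires the server-side key.
$oldTag = explode('.', $cookie)[1];
$edited = base64_encode(json_encode(['user_id' => 42, 'is_admin' => true]));
var_dump(open_session($edited . '.' . $oldTag, COOKIE_KEY));
```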



