[eluser]Unknown[/eluser]
Hi Everyone,
I know the session library of CI use COOKIE instead of standart PHP SESSION.
So, there are 2 options in config file:
sess_encrypt_cookie
sess_use_database
If I want to store private datas on CI Session, then its become visible in the Cookie section. So its very bad if we want to keep it secure and private. I know that if I enable
sess_encrypt_cookie = TRUE and set the
encryption_key in the config file then the cookies become encrypted and more secure. Also I can use sess_use_database.
But I want to know why the CI using
COOKIE instead of
SESSION? Is this safe even if we use a key? Saving the session data to user computer by COOKIE is true? Is there a way to switch COOKIE to SESSION in CI config?
Thanks for all.