Native sessions or CI sessions.

[eluser]EugeneS[/eluser]
session ID wont give you anything in case developer not a noob - but this is not a native session problem, it is that person so called developer problem.

in CI implementation of the native sessions exists the same security measures as in DB driven sessions implementation.

both of the ways transfer session IDs

once again if noobie developer do not lets say check password during the login routine but only login and once login is hijacked ... and this super great application was written in CI, will you claim CI as a source of the problem and call it "bad framework" or will you claim that developer who dont check password but only login because he forgot or simply noob who decided that no one will never know some one else's login ?

the same situation with the native sessions - if some one implements them without security in mind - shame on him, but this is not a native sessions problem, this is problem of the developer mind absence.

well known CI extensions which allows you to use native sessions already have the same security measures as database driven sessions implementation - so, topic starter can use them without problems.


about file storage vs database storage and speed ... some one simply forgetting the fact that:
1) database is also uses files to store data
2) database has queue which could be simply stopped lets say in myisam by some stupid update (and many other cases - this one just the simplest case came in mind)
3) sending query to the database , searching for the data and receiving results i'm sure in 99% taking more time than read the file

even without searching for the data step (which could be pretty time taking in big databases), just send-receive will take more time than read file.

4) ohh yes and dont forget about updating the table AND reindexing it
etc ... so forget about the database way