[eluser]WanWizard[/eluser]
No.
Native sessions are inheritly insecure, and even more so on a lot of shared hosts. CI doesn't come with it's own session library for nothing.
CI's session library is secure, but unfortunately the defaults are not the best they could have picked. So in your application/config/config.php:
Code:
$config['sess_cookie_name'] = 'cisession'; // get rid of the underscore, IE doesn't like it
$config['sess_encrypt_cookie'] = TRUE; // do encrypt the cookie
$config['sess_use_database'] = TRUE; // store session data in the database, not in the cookie
$config['sess_match_ip'] = FALSE; // if you don't have users with alternating proxies, set this to TRUE too
and create the session database as documented in the user guide.
