Is the security of codeigniter session secure enough?
#1

[eluser]Unknown[/eluser]
Hi, everyone. I'm a CodeIgniter newbie, and I have a few questions about the security of the session library.

If we set aside logic errors, is the integrated session library feature, like saving sessions in the database, secure enough to use, for example in a login application?

I tried to find an answer to this question, but the latest topic about session security like this that I found was from 2008. So I decided to start a new topic here.

Thank you
#2

[eluser]InsiteFX[/eluser]
Database sessions are safer than storing the session in a cookie on the client's system.

The database sessions only store the session_id and some other things in the session cookie; no user data is stored.
#3

[eluser]Abel A.[/eluser]
CI uses some of the best security practices for sessions. So yes, CI sessions are secure. Security however relies on the user's application and how well the server is configured.

I personally use every single security feature CI has to offer, except for their query binding because I use PDO. It's better to start implementing security features when first coding than later.

#4

[eluser]skunkbad[/eluser]
I use the encrypted sessions, not the database style storage, and don't see how anyone could crack it. They'd have to have access to the key, and know the cipher. Is it possible?
#5

[eluser]Abel A.[/eluser]
[quote author="skunkbad" date="1339718962"]I use the encrypted sessions, not the database style storage, and don't see how anyone could crack it. They'd have to have access to the key, and know the cipher. Is it possible?[/quote]

Yes. It would be very difficult though. The database sessions are the most secure form in CI.
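
The two storage modes compared in this thread, as an added configuration example that is not part of any post above. It assumes CodeIgniter 2.x and its stock `application/config/config.php`; the key is a placeholder and the numeric values are illustrative.

```php
<?php
// application/config/config.php (CodeIgniter 2.x), session-related settings only.
// Added illustration; values are examples, not settings quoted from the thread.

// Key used by the Encrypt library when the session cookie is encrypted.
// Placeholder: generate your own random value and keep it out of version control.
$config['encryption_key'] = 'REPLACE_WITH_YOUR_OWN_RANDOM_KEY';

// --- Cookie-only storage (the setup described in post #4) ---
// Every session value, user data included, travels in the cookie, so its
// confidentiality rests entirely on encryption_key.
// $config['sess_use_database']   = FALSE;
// $config['sess_encrypt_cookie'] = TRUE;

// --- Database storage (the setup described in posts #2 and #5) ---
// The cookie carries the session id and bookkeeping fields; user data stays
// in the server-side table named below.
$config['sess_use_database']    = TRUE;
$config['sess_table_name']      = 'ci_sessions';
$config['sess_encrypt_cookie']  = TRUE;   // still encrypt what remains in the cookie
$config['sess_cookie_name']     = 'ci_session';
$config['sess_expiration']      = 7200;   // seconds a session stays valid
$config['sess_expire_on_close'] = FALSE;
$config['sess_match_ip']        = FALSE;  // TRUE ties a session to one client IP
$config['sess_match_useragent'] = TRUE;   // reject the id if the user agent changes
$config['sess_time_to_update']  = 300;    // session id is regenerated at this interval

// Send cookies over HTTPS only, so the session id is not exposed on plain HTTP.
$config['cookie_secure'] = TRUE;

/*
 * Table expected by sess_use_database, as given in the CodeIgniter 2.x user guide:
 *
 * CREATE TABLE IF NOT EXISTS `ci_sessions` (
 *   session_id    varchar(40)  DEFAULT '0' NOT NULL,
 *   ip_address    varchar(45)  DEFAULT '0' NOT NULL,
 *   user_agent    varchar(120) NOT NULL,
 *   last_activity int(10) unsigned DEFAULT 0 NOT NULL,
 *   user_data     text NOT NULL,
 *   PRIMARY KEY (session_id),
 *   KEY `last_activity_idx` (`last_activity`)
 * );
 */
```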



