• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Writing Admin/User/Public controllers to insure authentication

#25
OK I have finally got around to handling sessions in my controllers. I see that session->set_userdata() stores information in a cookie on the user's machine. I know you can encrypt your cookies, but I am reluctant to store sensitive data or values that could be manipulated by a malicious user in this fashion. I am accustomed to storing ONLY a session ID in the cookie and storing information related to that session ID on the server (where it cannot be directly manipulated by the client.

Is there some way to make sure that the session contents are stored on the server and only the session ID is stored in the user cookie?
Reply


Messages In This Thread
RE: Writing Admin/User/Public controllers to insure authentication - by sneakyimp - 01-11-2015, 01:33 PM

Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.