Hi,
I've 2 questions about session.
Config:
$config['sess_driver'] = 'files';
$config['sess_cookie_name'] = 'on_session';
$config['sess_expiration'] = 7200;
$config['sess_save_path'] = APPPATH . 'sessions';
$config['sess_match_ip'] = TRUE;
$config['sess_time_to_update'] = 300;
$config['sess_regenerate_destroy'] = FALSE;
Considering application folder over the public root (../cgi-bin/application/), so sessions should not be available by navigation.
1. It makes sense to encrypt session values (as user_id, remember_me_token, any other)?
2. If I want use 7200 timeout for general session, there are ways to set sessions with higher expiration time, by overwriting config value using $this->session->set_userdata?
Thank you!