Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Using CodeIgniter Best Practices Best secure session configuration ?
Best secure session configuration ?
  • Offline remiheens
    Newbie
  • *
  • Posts: 5
    Threads: 2
    Joined: Aug 2015
    Reputation: 0
#1
02-09-2016, 10:24 AM

Hi,

I'm developing a website with lot of users(500K) and lots of daily sessions.
I recently upgrade CI to version 3, so I've seen session management change to files driver (as default) and write session on server.
I've a memcache cluster available so I check if it's possible to move session to memcache and which session driver is the best.

My principal question is :
What is the best and secure configuration for sessions with CI3 ?
  • which driver ?
  • which session expiration timing ?
  • which time to update ?
Reply
  • Offline remiheens
    Newbie
  • *
  • Posts: 5
    Threads: 2
    Joined: Aug 2015
    Reputation: 0
#2
02-18-2016, 07:30 AM

nobody wants to share his experience?
Reply
  • Offline skunkbad
    Senior Citizen
  • *****
  • Posts: 1,300
    Threads: 63
    Joined: Oct 2014
    Reputation: 86
#3
02-18-2016, 09:14 AM

I don't think that the selected driver would make your session more or less secure. It's far more likely that your server configuration, your application, or implementation of authentication would cause security vulnerabilities. That said, you'll notice that CodeIgniter no longer has an option to encrypt the session, so I like to do that in my application. Even still, I would never put sensitive data in the session, but it's nice to know that prying eyes can't know the contents of the session.
Expert Website Development - Temecula, CA
Community Auth For CodeIgniter 3
Reply




Theme © iAndrew 2016 - Forum software by © MyBB