Welcome Guest, Not a member yet? Register   Sign In
Best secure session configuration ?
#1

Hi,

I'm developing a website with lot of users(500K) and lots of daily sessions.
I recently upgrade CI to version 3, so I've seen session management change to files driver (as default) and write session on server.
I've a memcache cluster available so I check if it's possible to move session to memcache and which session driver is the best.

My principal question is :
What is the best and secure configuration for sessions with CI3 ?
  • which driver ?
  • which session expiration timing ?
  • which time to update ?
Reply
#2

nobody wants to share his experience?
Reply
#3

I don't think that the selected driver would make your session more or less secure. It's far more likely that your server configuration, your application, or implementation of authentication would cause security vulnerabilities. That said, you'll notice that CodeIgniter no longer has an option to encrypt the session, so I like to do that in my application. Even still, I would never put sensitive data in the session, but it's nice to know that prying eyes can't know the contents of the session.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB