Welcome Guest, Not a member yet? Register   Sign In
session()->stop() not destroying data

Hi jreklund,

Again, I know what can be done from a manual point of view I am talking about CI's functionality and more importantly the documentation...

As per my last post the docs clearly say:

"You may also use the stop() method to completely kill the session by removing the old session_id, destroying all data, and destroying the cookie that contained the session id:"

My concern is if this doesn't actually happen it is not only misleading but could also be a security risk if session data unknowingly lives on...

You said:

"stop() implements the functionality that the above function lacks unset the session cookie."

yet the CI docs say otherwise...

So I am asking partly to know the answer and partly to help out, e.g. is this a bug in the code e.g. it's not calling "destroy" as part of the function, or, are the docs incorrect? either way I feel it needs addressing as it could be a nasty security concern...

Messages In This Thread
session()->stop() not destroying data - by beng - 04-22-2020, 03:51 PM
RE: session()->stop() not destroying data - by beng - 05-11-2020, 03:27 AM

Theme © iAndrew 2016 - Forum software by © MyBB