[eluser]Xeoncross[/eluser]
[quote author="inparo" date="1217226542"]When CI retrieves the session, it splits the data again. The last 32 characters are the fingerprint, the rest is the data. It rehashes the data (with the encryption key) and compares it to the fingerprint. If they don't match, it kills the session (hacking attempt).[/quote]
ahhhhh....
So the data is safer than I thought - I forgot about doing it this way back when I first dropped cookies for sessions. (Just like the way OpenID handles stuff.) Thanks Inparo.
However, people can still see data IN the cookie which might reveal more than you want about how your site works. (just as a minor closing note)
Well, that covers everything -
Topic Closed
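
Added example (not part of the original posts, and not CodeIgniter's own source): a minimal PHP sketch of the check inparo describes, where the last 32 characters of the cookie are an MD5 fingerprint of the data plus the encryption key. The function names, the key and the session values are constructed for illustration. It also shows the closing point above: the data stays readable in the cookie even though it cannot be changed undetected.

```php
<?php
// Constructed key for this illustration; a real one comes from the application's config.
const ENCRYPTION_KEY = 'constructed-example-key';

// Build the cookie value: serialized data followed by its 32-character fingerprint.
function seal_session(array $data, string $key): string
{
    $payload = serialize($data);
    return $payload . md5($payload . $key);
}

// Split the cookie again, rehash the data with the key and compare.
// Returns the session array, or null when the fingerprint does not match.
function open_session(string $cookie, string $key): ?array
{
    if (strlen($cookie) <= 32) {
        return null; // too short to hold data plus a fingerprint
    }
    $payload     = substr($cookie, 0, -32); // everything before the fingerprint
    $fingerprint = substr($cookie, -32);    // last 32 characters

    // hash_equals() compares in constant time, so the check leaks no timing hints.
    if (!hash_equals(md5($payload . $key), $fingerprint)) {
        return null; // data was altered: kill the session
    }
    // Only unserialize after the fingerprint has been verified, and never into objects.
    $data = unserialize($payload, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample session.
$cookie = seal_session(['user_id' => 42, 'is_admin' => false], ENCRYPTION_KEY);

// The data is not hidden: anyone holding the cookie can read it.
echo "cookie value: ", $cookie, "\n";

// The unmodified cookie passes the check.
echo "original accepted: ", var_export(open_session($cookie, ENCRYPTION_KEY) !== null, true), "\n";

// Changing the data without knowing the key breaks the fingerprint.
$altered = str_replace('b:0;', 'b:1;', $cookie);
echo "altered accepted:  ", var_export(open_session($altered, ENCRYPTION_KEY) !== null, true), "\n";
```

A new design would compute the fingerprint with `hash_hmac('sha256', $payload, $key)` instead of `md5($payload . $key)` and encrypt the payload if its contents should not be visible; the split-and-compare structure stays the same.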