[eluser]jedd[/eluser]
[quote author="tokyotech" date="1255915049"][quote author="trs21219" date="1255777774"]not really considering once it is accessed it is stored in mysql's memory (ram) until it expires in which case it is just re added to the memory[/quote]
I thought that requires Memcache. Will Apache cache database queries without Memcache?[/quote]
How is MySQL's query caching related to Apache?
[eluser]tokyotech[/eluser]
I was just asking questions to learn about CI and general facts about performance and security, not to purposely "stick it to the man". I have taken all your advice into account. Thanks.
[eluser]tokyotech[/eluser]
[quote author="jedd" date="1255918992"]
How is MySQL's query caching related to Apache?[/quote]
I don't know. I was guessing. I suck at the whole architecture of web servers.
[eluser]n0xie[/eluser]
[quote author="FernandoMM" date="1255745423"]
The CI implementation of sessions is horrible. It is extremely insecure.[/quote]
Can you elaborate on this? I have yet to see a more secure implementation of sessions, when used in conjunction with the database and an encrypted cookie, so I'm very curious how you would label this as 'extremely insecure' and 'horrible'.
[eluser]WebsiteDuck[/eluser]
Sorry to bring up a 3 month old thread but I share the concern about CI sessions being insecure.
If you are not going to use encryption+database (which would be more secure) then you should just use PHP sessions.
In PHP sessions, an attacker can compromise one account by hijacking the sessionid, which is unlikely but not impossible. Data is stored server-side and cannot be changed by a user unless they have access to the webserver.
In the default CI sessions, any user can modify their cookie and change, for instance, their logged in username. This compromises every account.
Using CI sessions with encryption and database would be more secure though, I believe. This should make sessionid hijacking less likely.
So thats my two cents. Coders should not assume default CI sessions act like PHP sessions, or they risk being insecure. Feel free to correct me if I'm mistaken anywhere.