Secure Admin Area
#1

[eluser]clintonbeattie[/eluser]
Okay, I know people have touched on this before, but I just want to clarify something. When using CI sessions, is this just a client-side cookie and therefore not secure?
The reason is that I want to create a secure area and have a feeling that I should just use the PHP native SESSION function?

Can someone give some advice please?

Many thanks,
C
#2

[eluser]jedd[/eluser]
[quote author="modelreject" date="1255906592"]
Okay, I know people have touched on this before, but I just want to clarify something. When using CI sessions, is this just a client-side cookie and therefore not secure?
[/quote]

The manual clarifies this for you quite nicely - read the Session Class page:

Quote:
The Session class permits you to maintain a user's "state" and track their activity while they browse your site. The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie. It can also store the session data in a database table for added security, as this permits the session ID in the user's cookie to be matched against the stored session ID. By default only the cookie is saved. If you choose to use the database option you'll need to create the session table as indicated below.
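
As an added illustration of the two storage modes the manual excerpt above describes (not part of the original post and not CodeIgniter's own code): a simplified PHP model that uses JSON and HMAC-SHA256 in place of CodeIgniter's serialization and optional encryption. `SECRET`, the function names and `SessionStore` are hypothetical, and the sample values are constructed.

```php
<?php
// Simplified model, not CodeIgniter's implementation. All names are hypothetical.
const SECRET = 'constructed-demo-key'; // assumption: a secret known only to the server
// Mode 1: cookie-only. The whole session travels in the cookie, so the server
// must authenticate it before trusting any field.
function cookie_encode(array $data): string {
    $payload = base64_encode(json_encode($data));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET);
}
function cookie_decode(string $cookie): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Constant-time comparison; a payload edited by the client fails here.
    if (!hash_equals(hash_hmac('sha256', $payload, SECRET), $mac)) {
        return null;
    }
    $data = json_decode((string) base64_decode($payload, true), true);
    return is_array($data) ? $data : null;
}

// Mode 2: database-backed. The cookie carries only a random ID; the data stays
// on the server, and an ID with no matching row is not a session.
final class SessionStore {
    private array $rows = []; // stands in for the session table
    public function create(array $data): string {
        $id = bin2hex(random_bytes(20));
        $this->rows[$id] = $data;
        return $id;
    }
    public function load(string $id): ?array {
        return $this->rows[$id] ?? null;
    }
    public function destroy(string $id): void {
        unset($this->rows[$id]); // server-side logout: the old cookie stops working
    }
}

// Constructed sample data: a valid cookie, then the same cookie with an edited payload.
$cookie = cookie_encode(['user' => 'alice', 'is_admin' => false]);
$edited = base64_encode(json_encode(['user' => 'alice', 'is_admin' => true]))
        . '.' . explode('.', $cookie, 2)[1];
var_dump(cookie_decode($cookie), cookie_decode($edited));
$store = new SessionStore();
$id = $store->create(['user' => 'alice']);
$store->destroy($id);
var_dump($store->load($id));
```

In the cookie-only mode the server keeps no record, so a session cannot be revoked before it expires; in the store-backed mode deleting the row ends it immediately.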
#3

[eluser]clintonbeattie[/eluser]
Okay. Thanks. It would be great if CodeIgniter was a bit more secure in this regard as I can see a few initial security issues here. Let's hope the next update rectifies and simplifies this process, more in tune with PHP native functions. I will just use raw PHP for secure sessions.
#4

[eluser]wiredesignz[/eluser]
Native PHP sessions are either a client side cookie or a session id in the URL relating to a data store on the filesystem. There is no magic to this.

CI provides as much security as you could ever want.
#5

[eluser]jedd[/eluser]
[quote author="modelreject" date="1255962322"]
It would be great if Codeigniter was a bit more secure in this regard as I can see a few initial security issues here.
[/quote]

Rather than seeing them quietly by yourself over there, could you perhaps see them in a more sharing, verbal manner here in the forums?

Claims of insecurity are quite rare and hence particularly interesting.



