[eluser]ChiefChirpa[/eluser]
[quote author="Cole2026" date="1265858192"]I've heard the CodeIgniter included session class is lacking...[/quote]
It was lacking some time ago, it was missing flashdata, regenerating session ids regularly, etc. It now has those features.
As far as I can tell the only slight gripe some people have it with it now is that it writes more than just the user_id / session_id to the cookie (it also stores the IP address, useragent and last_activity), you can of course turn on encryption to obfuscate these.
So in all use CI sessions.