Using Session In Codeigniter

#1
[eluser]Unknown[/eluser]
Hi Everyone,

I know the session library of CI use COOKIE instead of standart PHP SESSION.

So, there are 2 options in config file:

sess_encrypt_cookie
sess_use_database


If I want to store private datas on CI Session, then its become visible in the Cookie section. So its very bad if we want to keep it secure and private. I know that if I enable sess_encrypt_cookie = TRUE and set the encryption_key in the config file then the cookies become encrypted and more secure. Also I can use sess_use_database.

But I want to know why the CI using COOKIE instead of SESSION? Is this safe even if we use a key? Saving the session data to user computer by COOKIE is true? Is there a way to switch COOKIE to SESSION in CI config?

Thanks for all.

#2
[eluser]steelaz[/eluser]
PHP sessions you are thinking of also use cookies, cookie name usually is PHPSESSID.

#3
[eluser]Unknown[/eluser]
But PHP just store the session id in PHPSESSID . I didnt see the other session datas store in the cookies. Am I wrong?

#4
[eluser]steelaz[/eluser]
Well, if you choose sess_use_database then it also will store only session ID in a cookie. IIRC there is session library in CodeIgniter's wiki that uses native PHP sessions.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.