[eluser]Andy78[/eluser]
In Jeffrey Way's tut he creates a login system that just uses the cookies to store session data. he states that it can be enhanced and made more secure by using the database but does not go into it.
Now using the database as far as i can tell is just a matter of creating the table as per this
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id)
);
and then setting this in the config file: $config['sess_use_database'] = TRUE;
How much of an effect on security does this actually have?
What else would i really be looking to do to enhance the login session security outlined in that tut?