[eluser]Paul Skinner[/eluser]
I've been reading up on CI Sessions from the user guide and have found the guide to be a little lacking on the subject.
It suggests encryption of the session and storing the session data in a database using the following SQL code:
Code:
CREATE TABLE IF NOT EXISTS `ci_sessions` (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text DEFAULT '' NOT NULL,
PRIMARY KEY (session_id)
);
So is this code taking into account the possibility of encryption, or do I need to up the varchar and int sizes to take into account the encryption (I presume it's stored encrypted in the DB?)?
Also, if I store my own data in the session (i.e. user_logged_in = true) I presume I need to add a field to the DB for this?
Also also, is it secure enough to store whether or not a user is a "super admin" using the encrypted cookies? I realise the answer to this question is debatable, but as a general rule is it OK for a site where security is important, but not that important?
Thanks in advance for any help.
Paul