Normal session or database session for login security
#1

[eluser]veledrom[/eluser]
Hi,

What is the better way of holding login details? Shall I use normal CI session or CI database session? Does it make any difference in terms of security?

Thanks
#2

[eluser]InsiteFX[/eluser]
Database sessions are safer!
#3

[eluser]veledrom[/eluser]
Thanks, I'll use db session then.
#4

[eluser]PhilTem[/eluser]
One can easily convince yourself ;)

The thing with non-database stored sessions is: the data you store inside the session is stored on the user's side. Therefore he can easily sniff into the code and change things. If you don't even encrypt your session data then you're open to any type of session injection.
When using database stored sessions, only the session-id is stored on the user's side. Nothing more, therefore he can't sniff the code and change any data.

If you don't mind letting people read your session data or don't have any sensitive data to be stored within the session you can take some load off your MySQL-server and store the sessions on the user side.

But I personally always go with database-stored sessions. It's definitely safer ;)
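
The two storage models contrasted in post #4, sketched in plain PHP as an added example that is not part of the original thread and is not CodeIgniter's own code. All function names, the key and the sample data are hypothetical and constructed; the HMAC on the cookie model is an assumption added here to show what the server needs in order to notice client-side edits.

```php
<?php
// Added illustration, not CodeIgniter source; every name here is hypothetical.
// Model A: the session data travels in the cookie. An HMAC over the payload
// lets the server detect any change made on the client.
function cookie_pack(array $data, string $key): string {
    $body = base64_encode(json_encode($data));
    return $body . '.' . hash_hmac('sha256', $body, $key);
}

function cookie_unpack(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    // Constant-time compare; refuse anything the server did not sign.
    if (!hash_equals(hash_hmac('sha256', $parts[0], $key), $parts[1])) {
        return null;
    }
    $data = json_decode(base64_decode($parts[0], true) ?: '', true);
    return is_array($data) ? $data : null;
}

// Model B: the cookie carries only a random id; the data stays server-side.
// $store stands in for the sessions table.
function db_session_create(array &$store, array $data): string {
    $id = bin2hex(random_bytes(16));
    $store[$id] = $data;
    return $id;
}

function db_session_load(array $store, string $id): ?array {
    return $store[$id] ?? null;
}

$key     = 'constructed-demo-key';
$session = ['user_id' => 42, 'is_admin' => false];

$cookie = cookie_pack($session, $key);
$mac    = explode('.', $cookie, 2)[1];
// Payload edited on the client, original MAC reused.
$edited = base64_encode(json_encode(['user_id' => 42, 'is_admin' => true])) . '.' . $mac;
var_dump(cookie_unpack($cookie, $key) === $session); // cookie as issued
var_dump(cookie_unpack($edited, $key));              // cookie with edited payload

$store = [];
$id = db_session_create($store, $session);
var_dump(db_session_load($store, $id) === $session);   // id issued by the server
var_dump(db_session_load($store, 'not-an-issued-id')); // id the server never issued
```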
#5

[eluser]veledrom[/eluser]
I was expecting to hear the db session option, so the first answer satisfied my thoughts about the option to go for; that's why the "one can easily convince yourself" case occurred :)

Thanks