[eluser]echo_boom[/eluser]
[quote author="WanWizard" date="1344798472"]It depends.
If you use cookie based session, your cookies should be encrypted, and in that case they can't. If you have disabled encryption, then everything is in the clear.
If you use server based session storage (either DB or one of the other solutions available as third-party) no data is sent to the client apart from the session id and some control data, so then the answer is no too.[/quote]
Thank you very much for the quick response.:-)
In my config.php:
Code:
$config['sess_encrypt_cookie'] = FALSE;
However, I am storing sessions to database:
Code:
$config['sess_use_database'] = TRUE;
$config['sess_table_name'] = 'ci_sessions';
In the table 'ci_sessions' I have ONLY these fields: session_id, ip_address, user_agent, last_activity, user_data.
In this config environment, will the website visitor be able to see what the application stores inside of
CI FLASHDATA?
Why or why not?