• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
How session works in new versions?

#1
Exclamation 
Hi.
Security is my issue and i want to know how exactly codeigniter session library works?
Does it store all data (key , value) in user cookie or just save a reference ID ?
Do we need to add any hash for our keys and values?

For example: 
If i set_userdata('role', 'user')
Does client could change the value 'user' to 'admin' and get access to admin panel?
Do i need do something like this:
 set_userdata(sha1('role'), sha1('user'))   

Huh

Thanks.
Reply

#2
In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies.

More info here: http://www.codeigniter.com/user_guide/in...rary-usage
Reply

#3
(03-13-2016, 07:46 PM)siburny Wrote: In CI 3.x session data is stored on server side only. Client is assigned an ID, that's what being stored in cookies.

More info here: http://www.codeigniter.com/user_guide/in...rary-usage

Oh thank you so much bro Shy very useful.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.