CodeIgniter session help, cookies not secure?
In the application/config/config.php file of your codigniter install you can choose to encrypt your cookies.
$config['sess_cookie_name'] = 'ci_session';$config['sess_expiration'] = 7200;$config['sess_encrypt_cookie'] = TRUE; // set from false to TRUE
Once this is set the set_userdata() and userdata() methods will transparently handle encrypting and decrypting the session data.
A full list of codigniter session config options is at the bottom of this page:
If you'd like increased security, you can choose to store session data in the database by modifying the following lines within your CodeIgniter config.php
:
$config['sess_use_database'] = TRUE;$config['sess_table_name'] = 'ci_sessions';
Then, simply create the following table:
CREATE TABLE IF NOT EXISTS `ci_sessions` ( session_id varchar(40) DEFAULT '0' NOT NULL, ip_address varchar(16) DEFAULT '0' NOT NULL, user_agent varchar(120) NOT NULL, last_activity int(10) unsigned DEFAULT 0 NOT NULL, user_data text NOT NULL, PRIMARY KEY (session_id), KEY `last_activity_idx` (`last_activity`));