CodeIgniter: is the Session class safe?

0

CodeIgniter has its own Session class, that is, it does not use PHP's native sessions.

Note: The Session class does not use native PHP sessions. It generates its own session data, offering more flexibility for developers.

You can set a session as follows:

$data_session = array(
    'id_login'       => $id_user,
    'nome'           => $nome,
    'userPermission' => 1
);
$this->session->set_userdata($data_session);

My question is:

Is it really safe to use this class to write IDs that should be secret?

Is there any situation in which we should not use this class?

    
asked by anonymous 14.04.2015 / 19:42

2 answers

1

Without due care, no!

You can set some security options for your Session, such as a hash key, and modify the session duration time (by default 1 hour).

An (obviously) not recommended situation is leaving the Session active after the browser is closed, which was activated by default in the config.php file or recovery data.

    
14.04.2015 / 22:55
0

I believe that if you use a hash and also, in the file config.php, set to false the option to leave the session active after the browser closes

    
03.11.2015 / 18:26
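
The settings both answers refer to, as an added example that is not part of either answer: an excerpt of application/config/config.php assuming CodeIgniter 2.x, where the userdata array is written into the client's cookie unless database storage is enabled. The key value is a placeholder and the ci_sessions table is assumed to exist.

```php
<?php
// application/config/config.php (excerpt), assuming CodeIgniter 2.x.
// Added example: values are illustrative, not taken from the question.

// Key used to sign (and optionally encrypt) the session cookie.
// Placeholder: replace with a long random string kept out of version control.
$config['encryption_key'] = 'REPLACE_WITH_RANDOM_32_CHARACTER_KEY';

// Session lifetime in seconds (3600 = 1 hour).
$config['sess_expiration'] = 3600;

// End the session when the browser window is closed.
$config['sess_expire_on_close'] = TRUE;

// Encrypt the cookie so values such as id_login are not readable by the client.
$config['sess_encrypt_cookie'] = TRUE;

// Keep userdata server-side; the cookie then carries session metadata,
// not the userdata array. Assumes the ci_sessions table has been created.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions';

// Tie the session to the client's user agent string.
$config['sess_match_useragent'] = TRUE;
```

With database storage enabled, a value such as userPermission can no longer be read or edited on the client side, which is the concern behind storing "secret" IDs in the session.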