Do I need to manually activate the encryption of session variables in CodeIgniter?

I've read that using a database to store session variables is much safer than putting them in cookies.

If you use the CI session library and set it to store in a database instead of cookies, does it automatically encrypt the session ID variables?

Everyone is saying that it is best to use encryption when storing session variables in the database, but I'm not sure if there is another option you have to turn on, in order for the encryption to happen.

Also, where would you set the key, if you do need to activate the encryption step yourself? Is it part of the same encryption helper class?

Answers


No, CodeIgniter does not automatically encrypt session data when storing it, whether it's in a DB such as MySQL or on the client side using cookies.

Setting $config['sess_encrypt_cookie'] = TRUE in system/application/config/config.php will activate encryption of cookies. If using $config['sess_use_database'] = TRUE, then the cookie itself (stored client-side) will be encrypted, but the actual session variables (stored on the DB) will not.

My guess is that this is because it's not as important to encrypt data stored in a server side DB as when storing using a cookie for the actual session variables, since the user cannot see or modify the session variables in the DB anyway.

The encryption key needs to be set using $config['encryption_key'] for encryption to work.
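
The settings named in this answer, together with one way to encrypt individual values yourself before they reach the session table. This is an added example, not code from the answer: the helper names secure_set_userdata() and secure_userdata(), the helper file location and the key placeholder are assumptions, and it relies on CodeIgniter's Encrypt library (encode()/decode()), which reads $config['encryption_key'].

```php
<?php
// --- config.php (fragment) ------------------------------------------------
// Placeholder key: generate your own random value and keep it out of version control.
$config['encryption_key']      = 'REPLACE_WITH_YOUR_OWN_RANDOM_KEY';
$config['sess_encrypt_cookie'] = TRUE;  // encrypts only the cookie sent to the browser
$config['sess_use_database']   = TRUE;  // session variables are stored in the DB as-is
$config['sess_table_name']     = 'ci_sessions';

// --- hypothetical helper file, e.g. helpers/secure_session_helper.php ------
// Encrypts a single session value so the session table never holds it in clear.
function secure_set_userdata($name, $value)
{
    $CI =& get_instance();
    $CI->load->library('session');
    $CI->load->library('encrypt');

    // JSON keeps arrays intact and avoids unserialize() on stored data.
    $CI->session->set_userdata($name, $CI->encrypt->encode(json_encode($value)));
}

// Returns the decrypted value, or $default if it is missing or cannot be decoded.
function secure_userdata($name, $default = NULL)
{
    $CI =& get_instance();
    $CI->load->library('session');
    $CI->load->library('encrypt');

    $stored = $CI->session->userdata($name);
    if ($stored === FALSE || $stored === NULL || $stored === '') {
        return $default;                       // nothing stored under this name
    }

    $plain = $CI->encrypt->decode($stored);    // FALSE when the input is not valid
    if ($plain === FALSE) {
        return $default;
    }

    $value = json_decode($plain, TRUE);        // NULL when the key or data is wrong
    return ($value === NULL) ? $default : $value;
}

// Usage inside a controller (assumed value name 'billing_email'):
//   secure_set_userdata('billing_email', 'user@example.com');
//   $email = secure_userdata('billing_email');
```

Changing $config['encryption_key'] makes previously stored values undecodable, so secure_userdata() falls back to its default for existing sessions.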

