Question 1
Basically, what I’m asking is: Is $config['sess_use_database'] = TRUE; more secure even if $config['sess_encrypt_cookie'] = TRUE;?
I keep stumbling on blogs, Stackoverflow posts, and even CI Docs that claim $config['sess_use_database'] = TRUE; is more secure, but it seems that the location where user_data is stored (in the cookie or in the database) shouldn’t quite matter from a security standpoint if the cookie is encrypted anyway.
Question 2
If you set $config['sess_encrypt_cookie'] = FALSE; and inspect the cookies, regardless of the value of $config['sess_use_database'], there is a hash (what appears to be MD5) stuck on the end of the cookie – here’s an example:
a:4{
s:10:"session_id";
s:32:"a2caac03fc72d709ac280540a09d8ed7";
s:10:"ip_address";
s:9:"127.0.0.1";
s:10:"user_agent";
s:100:"Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.14 Safari/537.4";
s:13:"last_activity";
i:1347228760;
}7aa8ebe3fc462bd86c0c0544a969cbda
What is the significance of 7aa8ebe3fc462bd86c0c0544a969cbda? Where did it come from?
Question 1
That depends on what you consider secure.
The custom data you set will be stored in the database, but session_id, ip_address, user_agent and last_activity will still be stored in the cookie. If you consider these data compromising, then the answer is yes. Otherwise the answer would be no.
Question 2
It’s a hash of the serialized data containing your session data combined with your encryption key. This is used to make sure that the cookie’s data has not been tampered with.
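The check the answer describes, as an added example that is not CodeIgniter's own code: a Python reproduction of the cookie's trailing md5(serialized_data + encryption_key) tag with a verifier that rejects a tampered cookie, plus a minimal reader for the flat serialized array showing that the four fields stay readable when encryption is off. The encryption key is a constructed placeholder (the page never reveals the real one, so the 7aa8ebe3... tag cannot be reproduced), and the sample payload is the one from the question joined onto a single line.

```python
import hashlib
import hmac
import re

# Constructed placeholder; CI reads this from $config['encryption_key'].
ENCRYPTION_KEY = "placeholder-encryption-key"

# The serialized array from the question's cookie, minus the trailing hash.
SESSION_FIELDS = (
    'a:4:{s:10:"session_id";s:32:"a2caac03fc72d709ac280540a09d8ed7";'
    's:10:"ip_address";s:9:"127.0.0.1";s:10:"user_agent";'
    's:100:"Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.4 '
    '(KHTML, like Gecko) Chrome/22.0.1229.14 Safari/537.4";'
    's:13:"last_activity";i:1347228760;}'
)


def sign_cookie(serialized: str, key: str) -> str:
    """Append md5(serialized + key), the scheme the answer describes."""
    return serialized + hashlib.md5((serialized + key).encode()).hexdigest()


def verify_cookie(cookie: str, key: str):
    """Return the payload if the trailing 32-hex-char tag matches, else None."""
    if len(cookie) <= 32:
        return None
    payload, tag = cookie[:-32], cookie[-32:]
    expected = hashlib.md5((payload + key).encode()).hexdigest()
    # compare_digest avoids leaking the tag byte-by-byte through timing
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


# Matches the string and integer tokens of a flat serialized PHP array.
_TOKEN = re.compile(r's:\d+:"((?:[^"\\]|\\.)*)";|i:(-?\d+);')


def unserialize_flat(data: str) -> dict:
    """Read alternating key/value tokens; not a full PHP unserialize()."""
    tokens = [m.group(1) if m.group(1) is not None else int(m.group(2))
              for m in _TOKEN.finditer(data)]
    return dict(zip(tokens[0::2], tokens[1::2]))


if __name__ == "__main__":
    cookie = sign_cookie(SESSION_FIELDS, ENCRYPTION_KEY)
    print("valid  :", verify_cookie(cookie, ENCRYPTION_KEY) is not None)
    tampered = cookie.replace("127.0.0.1", "127.0.0.2")  # same length edit
    print("tampered:", verify_cookie(tampered, ENCRYPTION_KEY) is not None)
    print("visible :", unserialize_flat(SESSION_FIELDS))
```

The tag gives integrity only (a plain keyed MD5 rather than an HMAC); confidentiality of the four fields comes solely from sess_encrypt_cookie.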