Security

Notice that the session class automatically stores the IP address and user agent of the user making a page request. You can use these for additional security.

There are two settings you can change in your config file for additional security:

  • sess_match_ip: If you set this to true, CI will attempt to match the user's IP address when it reads the session data. This is to prevent users from "hijacking" a login. However, some servers (both ISPs and large corporate servers) may issue requests from the same end user over different IP addresses. If you set this value to true, you may exclude those users unintentionally.
  • sess_match_useragent: If you set this to true, CI will try to match the user agent when reading the session data. ...
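
The two checks and the trade-off described above, as an added example that is not CodeIgniter's own code. The function `session_is_valid()` and the sample records are hypothetical and constructed for illustration; only the two setting names come from the text.

```php
<?php
// Added illustration: a simplified model of the two checks.
// session_is_valid() and the sample arrays are hypothetical, not CodeIgniter code.

/**
 * Decide whether a stored session may be reused for the current request.
 *
 * @param array $session stored session record (ip_address, user_agent)
 * @param array $request current request (ip_address, user_agent)
 * @param array $config  sess_match_ip / sess_match_useragent flags
 */
function session_is_valid(array $session, array $request, array $config): bool
{
    if (!empty($config['sess_match_ip'])
        && $session['ip_address'] !== $request['ip_address']) {
        return false; // IP address differs from the one stored with the session
    }
    if (!empty($config['sess_match_useragent'])
        && trim($session['user_agent']) !== trim($request['user_agent'])) {
        return false; // user agent differs from the one stored with the session
    }
    return true;
}

// Constructed sample data (addresses from the documentation ranges).
$stored = ['ip_address' => '192.0.2.10', 'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'];

$requests = [
    'same client'                 => ['ip_address' => '192.0.2.10',   'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    'same user, proxy changed IP' => ['ip_address' => '192.0.2.77',   'user_agent' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    'different client'            => ['ip_address' => '198.51.100.5', 'user_agent' => 'ExampleAgent/1.0'],
];

$configs = [
    'both off'        => ['sess_match_ip' => false, 'sess_match_useragent' => false],
    'user agent only' => ['sess_match_ip' => false, 'sess_match_useragent' => true],
    'both on'         => ['sess_match_ip' => true,  'sess_match_useragent' => true],
];

// Print one row per (configuration, request) pair to compare the outcomes.
foreach ($configs as $cname => $config) {
    foreach ($requests as $rname => $request) {
        $ok = session_is_valid($stored, $request, $config);
        printf("%-16s | %-28s | %s\n", $cname, $rname, $ok ? 'accepted' : 'rejected');
    }
}
```

The "same user, proxy changed IP" row is the unintentional exclusion the first bullet warns about: it is rejected only when `sess_match_ip` is on.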
