Security
Notice that the session
class automatically stores information about the IP address and user agent of the user making a page request. You can use these to give additional security.
There are two settings you can change in your config
file for additional security:
sess_match_ip
: If you set this totrue
, CI will attempt to match the user's IP address when it reads the session data. This is to prevent users from "hijacking" a log in. However, some servers (both ISPs and large corporate servers) may issue requests from the same end user over different IP addresses. If you set this value totrue
, you may exclude them unintentionally.sess_match_useragent
: If you set this totrue
, CI will try to match the user agent when reading the session data. ...
Get CodeIgniter 1.7 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.