Why does codeigniter store its sessiondata in a cookie?

Question

Why does Codeigniter do this? I mean isn\'t it very insecure if users can see which data is stored in their session? And and what if they change a value in the cookie?

Answer 1

Well, it's data about the user. If they want to change it... so what? I don't see how it's "insecure".

You can encrypt session data, or use databases for session data integrity verification.

The documentation is your friend; use it.

---

^{For what it's worth, it does seem daft that native PHP sessions aren't used. The documentation claims that this offers "more flexibility" to developers, but given the caveats listed on that page, I can't imagine how.}