Why does codeigniter store its sessiondata in a cookie?

Question

Why does Codeigniter do this? I mean isn\'t it very insecure if users can see which data is stored in their session? And and what if they change a value in the cookie?

Answer 1

Storing session in Cookie is a worst practice, every browser has a size limit for cookie and cookie is a thing which get send every time with your request, though it is simple ajax request, this practice will only make your requests slow, I think while developing session library for Codeigniter they might hove thought, that user's will only store small amount of data in session, but its simply stupid idea to store a session in Cookie