问题
As the manual says:
Note: The Session class does not utilize native PHP sessions. It generates its own session data, offering more flexibility for developers.
But when I store some data using $this->session->set_userdata(array('sample_key' => 'sample_value'));, in phpinfo() I can find sample_key and sample_value in that.
I hoped that the part
does not utilize native PHP sessions
to be meaning that it hides the session variables from phpinfo().
I'd always thought that it might be a security lack. Could it be?
As it seems, the values are urlencodeed.
回答1:
CodeIgniter's "session" just stores the data in a cookie, and calls it a session. Native PHP sessions store the data on the server, and a "sessionID" in a cookie.
In phpinfo, you can see the variables, but it's your session, you can't see another user's session.
来源:https://stackoverflow.com/questions/9506694/how-are-codeigniters-session-system-separated-with-phps-built-in-session