As the manual says:
Note. The Session class does not use native PHP sessions. It generates its own session data, offering great flexibility for developers.
But when I store some data using $this->session->set_userdata(array('sample_key' => 'sample_value'));in phpinfo()I can find sample_key, and sample_valuein this.
I was hoping part
does not use native PHP sessions
means it hides session variables from phpinfo().
I always thought this could be a security flaw. May be?
It seems the values ββare urlencodeed.
source
share