Store session data to the database using active record instead of browser cookies.
This will prevent unauthorized user stole the cookies from the previous user or by sniffing requests.
Cookies will only contain session id, session data will be destroyed when user logout.
Store session data to the database using active record instead of browser cookies. This will prevent unauthorized user stole the cookies from the previous user or by sniffing requests. Cookies will only contain session id, session data will be destroyed when user logout.