# Security Settings
CI_ENVIRONMENT = production

# Session Security
app.sessionDriver = 'CodeIgniter\Session\Handlers\DatabaseHandler'
app.sessionCookieName = 'secure_session'
app.sessionExpiration = 1800
app.sessionSavePath = 'ci_sessions'
app.sessionMatchIP = true
app.sessionTimeToUpdate = 300
app.sessionRegenerateDestroy = true

# CSRF Protection
security.csrfProtection = 'session'
security.tokenRandomize = true
security.expires = 7200
security.regenerate = true

# Cookie Security
cookie.secure = true
cookie.httponly = true
cookie.samesite = 'Strict'

# Force HTTPS
app.forceGlobalSecureRequests = true