The database session class can be more secure than it is now by doing additional checks on the IP/UserAgent, not just session_id. A few months ago, I wrote this extension: http://www.yiiframework.com/extension/session/ which does just that: it allows the user, optionally, to enable an IP and/or user-agent check when reading sessions.
Is there any chance to have this in Yii by default?
I mean, there is no performance issue at all, it’s just a great security plus which we should have by default instead of depending on an extension for it (this sounds mean even though I wrote the extension).
Just my two cents.
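
The kind of check described in the post, as an added example that is not the extension's or Yii's own code: a session store that records the client IP and a hash of the User-Agent when the session is written and refuses the read when an enabled check does not match. The class name `BoundSessionStore`, its options and the in-memory array standing in for the session table are assumptions; it needs PHP 8.0 or later.

```php
<?php
// Added example, not the extension's code. An array stands in for the session table.
final class BoundSessionStore
{
    /** @var array<string, array{data: string, ip: string, ua: string}> */
    private array $rows = [];

    public function __construct(
        private bool $checkIp = true,         // hypothetical option name
        private bool $checkUserAgent = true   // hypothetical option name
    ) {}

    public function write(string $id, string $data, string $ip, string $userAgent): void
    {
        // Store a hash of the User-Agent: fixed width, and the raw header is never re-emitted.
        $this->rows[$id] = ['data' => $data, 'ip' => $ip, 'ua' => hash('sha256', $userAgent)];
    }

    /** Returns the session data, or '' when the id is unknown or the client binding differs. */
    public function read(string $id, string $ip, string $userAgent): string
    {
        $row = $this->rows[$id] ?? null;
        if ($row === null) {
            return '';
        }
        $ipOk = !$this->checkIp || hash_equals($row['ip'], $ip);
        $uaOk = !$this->checkUserAgent || hash_equals($row['ua'], hash('sha256', $userAgent));
        if (!$ipOk || !$uaOk) {
            // Design choice of this example: a known id presented by a different
            // client is treated as compromised, so the row is dropped.
            unset($this->rows[$id]);
            return '';
        }
        return $row['data'];
    }
}

// Constructed sample values (documentation IP ranges, made-up agent string).
$store = new BoundSessionStore(checkIp: true, checkUserAgent: true);
$store->write('sess-1', 'user_id|i:42;', '192.0.2.10', 'ExampleBrowser/1.0');

var_dump($store->read('sess-1', '192.0.2.10', 'ExampleBrowser/1.0'));   // matching client
var_dump($store->read('sess-1', '198.51.100.7', 'ExampleBrowser/1.0')); // same id, different IP
var_dump($store->read('sess-1', '192.0.2.10', 'ExampleBrowser/1.0'));   // original client, after the mismatch
```

The IP check also rejects legitimate users whose address changes mid-session (mobile networks, rotating proxies), which is a reason to keep it optional. The User-Agent is supplied by the client, so that check only raises the cost of reusing a stolen session id.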