I have seen that codeigniter have facility to save session values in database.
It says saving session in database is good security practice.
But I think saving session in database helps to improve performance.
They save only few elements of the session, such as
CREATE TABLE IF NOT EXISTS 'ci_sessions' (
session_id varchar(40) DEFAULT '0' NOT NULL,
ip_address varchar(16) DEFAULT '0' NOT NULL,
user_agent varchar(50) NOT NULL,
last_activity int(10) unsigned DEFAULT 0 NOT NULL,
user_data text NOT NULL,
PRIMARY KEY (session_id)
It doesn't improve security in any way.
The most common and reasonable pattern to store sessions in database is when you have several frontend servers, so you need a shared session storage for them.
For downvoters: a file in filesystem isn't less secured than a record in database.