I wonder how does the session work in CodeIgniter. Isn't the session suppose to be automatically destried when the browser is closed? The CodeIgniter does not destroy the session on browser close by default:

$config['sess_expire_on_close'] = FALSE;

Instead we can set the session expire time:

$config['sess_expiration']      = 7200;

Now for example if I set the expiration time to 0, it will keep the session as long as I do not destroy by myself:

$this->session->sess_destroy();

So how does the CodeIgniter keeps the session information for specific time, even after the browser is closed?

Also, is it secure if use this default setting(of not expiring the session with browser close) to keep user login for few days? (eg. store in session 'logged_in' => TRUE )

The session in CodeIgniter do not use the default PHP $_SESSION. It uses its own implementation with cookies. That's why it's not destroyed when you close your browser. You can also use session with database in CodeIgniter with the option $config['sess_use_database'] = TRUE; and other things you will find here : http://codeigniter.com/user_guide/libraries/sessions.html