Best practice, (secure), to save session data? [message #178402] Thu, 14 June 2012 08:35
Simon
Hi,

We have a site where many users can login/logout, (giving them access to
their personal information).

The users have 2 choices, either we 'remember' the user after they close
their browsers or not, (for up to 30 days).

We create a unique cookie id and we store/retrieve the data based on
that unique id.

But that means a read + a write every single time any user hits the
site. I realise that it is a very small operation with a tiny amount of
overhead, but I wonder if it is the 'best' solution.

It was suggested that I base64_encode/base64_decode the data as a cookie
but I am not sure about the security implications of doing that, (the
way I see it, if they can get the session cookie then they can just as
well access the base64_encoded data anyway).

We have an https site, but we also allow login/access via http.

Any tutorial/reading material/suggestions on how I can store logged-in
users' credentials.

Thanks

Simon
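
An added example (not part of Simon's post or the thread) of the base64 cookie idea raised in the question: base64 alone accepts a value the client has edited, while appending an HMAC lets the server reject it. The function names, payload fields and demo key are assumptions made for illustration.

```php
<?php
// Added example. COOKIE_KEY is a constructed demo secret; a real key stays in server-side config.
const COOKIE_KEY = 'constructed-demo-key-not-for-production';

// The suggestion from the question: base64 is an encoding, not protection.
function encodePlain(array $data): string
{
    return base64_encode(json_encode($data));
}

function decodePlain(string $cookie): ?array
{
    $json = base64_decode($cookie, true);           // strict mode rejects stray characters
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Same payload with an HMAC-SHA256 tag appended, so the server can detect edits.
function encodeSigned(array $data, string $key): string
{
    $payload = encodePlain($data);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function decodeSigned(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);                 // '.' never occurs in base64 or hex
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;                                // tag mismatch: payload was altered
    }
    $data = decodePlain($payload);
    // Enforce the 30-day lifetime server-side instead of trusting the cookie expiry.
    return ($data !== null && ($data['exp'] ?? 0) >= time()) ? $data : null;
}

// Constructed sample data: a remembered login for user 42, and the same cookie edited to user 1.
$session = ['uid' => 42, 'exp' => time() + 30 * 86400];
$edited  = encodePlain(['uid' => 1, 'exp' => $session['exp']]);
$signed  = encodeSigned($session, COOKIE_KEY);
$spliced = $edited . '.' . explode('.', $signed)[1];    // edited payload, original tag

var_dump(decodePlain($edited));                 // plain base64: edited value is accepted
var_dump(decodeSigned($signed, COOKIE_KEY));    // untouched signed cookie verifies
var_dump(decodeSigned($spliced, COOKIE_KEY));   // edited signed cookie is rejected
```

Signing only stops modification: the payload is still readable by anyone holding the cookie, and a copied cookie can still be replayed, which matters on a site that also serves logged-in pages over http. Setting the cookie with the Secure and HttpOnly flags keeps it off plain-http requests and out of page scripts.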