Best practice, (secure), to save session data? [message #178402]
Thu, 14 June 2012 08:35
Simon
Hi,
We have a site where many users can login/logout, (giving them access to
their personal information).
The users have 2 choices, either we 'remember' the user after they close
their browsers or not, (for up to 30 days).
We create a unique cookie id and we store/retrieve the data based on
that unique id.
But that means a read + a write every single time any user hits the
site. I realise that it is a very small operation with a tiny amount of
overhead, but I wonder if it is the 'best' solution.
It was suggested that I base64_encode/base64_decode the data as a cookie
but I am not sure about the security implications of doing that, (the
way I see it, if they can get the session cookie then they can just as
well access the base64_encoded data anyway).
We have an https site, but we also allow login/access via http.
Any tutorial/reading material/suggestions on how I can store logged-in
users' credentials?
Thanks
Simon
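
The two approaches named in the post, side by side, as an added example that is not part of the original post: data carried in a base64-encoded cookie versus an opaque id looked up server-side. The function names, the `$store` array (standing in for the database), the `sid` cookie name and the one-hour non-remembered lifetime are assumptions, and the `secure` flag assumes logged-in pages are served over https only.

```php
<?php
// Added illustration; issue_session(), load_session(), $store and the 'sid'
// cookie name are hypothetical. $store stands in for the site's database.

// Approach A: the data itself in the cookie, base64-encoded.
$cookie = base64_encode(json_encode(['user' => 'simon', 'admin' => false]));
$data = json_decode(base64_decode($cookie), true);  // readable by whoever holds it
$data['admin'] = true;                              // and editable by the browser
$altered = base64_encode(json_encode($data));       // decodes as cleanly as the original

// Approach B: only an unguessable id in the cookie, data kept server-side.
function issue_session(array &$store, array $data, bool $remember, int $now): array
{
    $id = bin2hex(random_bytes(32));                // 256 bits from the CSPRNG
    // Assumed policy: 30 days when remembered, otherwise one hour server-side.
    $expires = $now + ($remember ? 30 * 86400 : 3600);
    $store[$id] = ['data' => $data, 'expires' => $expires];
    $options = [
        'expires'  => $remember ? $expires : 0,     // 0 = dropped when the browser closes
        'path'     => '/',
        'secure'   => true,                         // never sent over plain http
        'httponly' => true,                         // not readable from page scripts
        'samesite' => 'Lax',
    ];
    return [$id, $options];                         // real page: setcookie('sid', $id, $options)
}

function load_session(array &$store, string $id, int $now): ?array
{
    if (!isset($store[$id])) {
        return null;                                // unknown or made-up id
    }
    if ($store[$id]['expires'] < $now) {
        unset($store[$id]);                         // expired: remove and reject
        return null;
    }
    return $store[$id]['data'];                     // a read only, no write per hit
}

$store = [];
$now = time();
[$id, $options] = issue_session($store, ['user' => 'simon'], true, $now);
var_dump(json_decode(base64_decode($altered), true)['admin']);
var_dump(load_session($store, $id, $now) !== null);
var_dump(load_session($store, str_repeat('0', 64), $now));
var_dump(load_session($store, $id, $now + 31 * 86400));
```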