is it good idea to insert passwords to php session vars ?

is it good idea to insert passwords to php session vars ?

No.

If you need some other options, explain what prompted this question.

Quote:

---

Originally Posted by JasonDFR

No.

If you need some other options, explain what prompted this question.

---

For me, it is to prevent session hacking - that the user somehow changes the user-id in the session, so to do automatic re-authentication in the background now and then.

IMHO, a better solution is to generate unique hash from the sessionid, user's name and the userid (with a prefix hidden from public) and use that as a checksum or something.

That is of course assuming that is what the OP wanted to do :)