Results 1 to 3 of 3

Thread: is it good idea to insert passwords to php session vars ?

  1. #1
    Join Date
    Oct 2004
    Posts
    425
    Thanks
    4
    Thanked 1 Time in 1 Post

    Default is it good idea to insert passwords to php session vars ?

    is it good idea to insert passwords to php session vars ?

  2. #2
    Join Date
    Apr 2008
    Location
    Limoges, France
    Posts
    395
    Thanks
    13
    Thanked 61 Times in 61 Posts

    Default

    No.

    If you need some other options, explain what prompted this question.

  3. #3
    Join Date
    Mar 2009
    Posts
    65
    Thanks
    13
    Thanked 4 Times in 4 Posts

    Default

    Quote Originally Posted by JasonDFR View Post
    No.

    If you need some other options, explain what prompted this question.
    For me, it is to prevent session hacking - that the user somehow changes the user-id in the session, so to do automatic re-authentication in the background now and then.

    IMHO, a better solution is to generate unique hash from the sessionid, user's name and the userid (with a prefix hidden from public) and use that as a checksum or something.

    That is of course assuming that is what the OP wanted to do

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •