FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Best practice, (secure), to save session data?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Best practice, (secure), to save session data? [message #178455 is a reply to message #178453] Tue, 19 June 2012 06:37 Go to previous messageGo to previous message
Arno Welzel is currently offline  Arno Welzel
Messages: 317
Registered: October 2011
Karma:
Senior Member
Chris Davies, 19.06.2012 00:12:

> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>> Yes, and my point was - you don't NEED access to the encrypted data.
>> All you need to do is send a copy of the cookie itself to log in.
>
> At no point until my most recent did I suggest this cookie might even
> provide an authentication service. In the scenario as described it
> contains (encrypted) information, not an authentication token.

Maybe you missed the point in the OP:

"The users have 2 choices, either we 'remember' the user after they
close their browsers or not, (for up to 30 days).

We create a unique cookie id and we store/retreive the data based on
that unique id."

And "remembering a user for up to 30 days" means "if a cookie is set,
the user does not have to log in" to me.



--
Arno Welzel
http://arnowelzel.de
http://de-rec-fahrrad.de
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: Is spl_object_hash unique in the SQL sense? Can it be used as a unique SQL db column?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 16:01:05 GMT 2024

Total time taken to generate the page: 0.02965 seconds