Hi Dave, I wondered if someone more knowledgable would chip in on this thread:
Glad you found a solution. I suggested DB sessions primarily because it would be easier to debug and find out what was happening should things go wrong (and having never expiring sessions is a situation that may well be prone to problems). I don't always post everything that I am thinking to keep posts shorter. As I've alluded, I'm not a session-type expert but: Be careful not to permit a backdoor to your app - even if the app isn't public. Md5 isn't really a safe solution: If a malicious user recognises that his username and/or password is md5ed into a cookie (and this would be most malicious users' first guess), it's childsplay to change the cookie value the the md5 value of another username/ common password and see where it takes you. Here's a very similar thread: http://groups.google.com/group/cake-php/browse_frm/thread/5395c72c008ab2dd/3b80490729e934ee?q=session+ad7six&rnum=1#3b80490729e934ee Cheers, AD7six --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
