On 14/08/16 01:56, Yasuo Ohgaki wrote:
> IMO. PHP should be easiest, yet secure, Web application programming language.
> I don't see any benefits, but only drawbacks, forcing users "to know session
> management details to write secure code" while it is very easy to implement
> them in Session module.

Sessions are something I rely on, but have thrown numerous problems over the years. In my systems they should exist for the duration of a client being logged into the system and so any problems at either end have to be handled. For that reason I store them in the database so when a client has to log in again we can clear their last activity and start a new one.

The clients can be carrying out interviews for an hour or more, so previous 'improvements' that try to clear 'inactive sessions' often lost MY sort of sessions.

Clients are only allowed to log on once so I need to pick up if they try and start a second session, but I don't believe I NEED all the complexity of cryptographically secure IDs? Just ones where I CAN actually identify the client ... or should I be handling that separately from the actual session_id?

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk