Brad Hubbard wrote:
> Can I get some feedback on the conventional wisdom as to the best solution
> for high volume registration and authentication of users accessing a secure
> site? I have worked before with database/session based methods as well as
> htaccess. Which is preferred? Are there alternatives?
Probably the fastest way to keep session profile information is by
serializing the data array into a string that will be encrypted and then
stored in cookie. The security weakness of this method is that if the
secret key leaks, hackers may use to forge new sessions.
A more secure but eventually less scalable method is to store the
session data in a shared memory cache, so you minimize database accesses
to just one after the server is restarted. This is probably the one you
want to use as long you know how to deal with shared memory and
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php