On Tue, 16 Apr 2002 14:01, Manuel Lemos did align ASCII characters thusly:
> Probably the fastest way to keep session profile information is by
> serializing the data array into a string that will be encrypted and then
> stored in a cookie. The security weakness of this method is that if the
> secret key leaks, hackers may use it to forge new sessions.

Is this documented anywhere? 

> A more secure but eventually less scalable method is to store the
> session data in a shared memory cache, so you minimize database accesses
> to just one after the server is restarted. This is probably the one you
> want to use as long as you know how to deal with shared memory and
> semaphores.

Is this documented anywhere?

My understanding was that htaccess authentication was more secure than
session-based because of the problems of session hijacking???


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
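
The encrypted-cookie session described in the quoted message, as an added example that is not part of the original thread. It assumes PHP 7.3+ with the OpenSSL extension, uses AES-256-GCM and JSON in place of serialize(), and the function names, cookie layout and sample data are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumed cookie layout: base64( nonce[12] || tag[16] || ciphertext ).
const CIPHER = 'aes-256-gcm';

// Encrypt and authenticate the session array together with an expiry time.
function seal_session(array $data, string $key, int $ttl, ?int $now = null): string
{
    $plain = json_encode(['exp' => ($now ?? time()) + $ttl, 'data' => $data], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(12);          // fresh nonce for every cookie issued
    $tag = '';
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Return the session array, or null if the cookie is malformed, was modified,
// was sealed under a different key, or has expired.
function open_session(string $cookie, string $key, ?int $now = null): ?array
{
    $raw = base64_decode($cookie, true);
    if ($raw === false || strlen($raw) <= 28) {
        return null;
    }
    $plain = openssl_decrypt(substr($raw, 28), CIPHER, $key, OPENSSL_RAW_DATA,
                             substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        return null;                    // GCM tag check failed
    }
    $p = json_decode($plain, true);
    if (!is_array($p) || !isset($p['exp'], $p['data']) || !is_array($p['data'])) {
        return null;
    }
    return ($now ?? time()) < $p['exp'] ? $p['data'] : null;
}

// Constructed sample run. The key is the only thing the server trusts, so
// it belongs in a secret store and needs a rotation plan.
$key = random_bytes(32);
$cookie = seal_session(['uid' => 42, 'role' => 'user'], $key, 900);
$raw = base64_decode($cookie);
$raw[30] = chr(ord($raw[30]) ^ 1);      // flip one ciphertext bit
var_dump(open_session($cookie, $key));                 // intact cookie
var_dump(open_session(base64_encode($raw), $key));     // modified cookie
var_dump(open_session($cookie, random_bytes(32)));     // different key
var_dump(open_session($cookie, $key, time() + 901));   // past expiry
```

Because the server keeps no per-session state, a cookie sealed this way cannot be revoked individually before its expiry; replacing the key invalidates every outstanding session at once.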
