> Always, always, always use a value that has no other significance other
> than being a unique ID. Email addresses change and so do passwords, so
> those are poor choices for linking data. They are fine and good choices
> for login, but that's about the only thing they should be used for.

I understand what your saying, but if I just use the ID, then it makes it
extremely easy to login as another user, simply change the ID in your
cookie. Atleast if I have email/password aswell it takes someone with access
to the network and a sniffer to get the values.

If a user changes his email and/or password, then the cookie gets updated,
simple. I can't see that its that much of an issue. If we were talking about
a credit card number or something else critical then I'd agree.


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to