On Wed, Jul 22, 2009 at 1:19 PM, Dare Williams<darrenwi...@yahoo.com> wrote:
> Dear Forums,
> Kindly advise me professionally because I am getting more confused on what to
> do about my application that needed to be online very soon.
> The fear is about Session and Authentication.
> Here are my questions.
> 1. Must a Page Authentication be done by Session or Cookie? If not, what are
> the other options?

Hidden id field in the HTML form.

> 2. How secured is Session without encoding?

Encoding data? Can be done, but as long as the session is stored local
to the site and not in a shared folder on a shared hosting machine,
it's pretty safe.

Another option is to store the session in the database.

> 3. Must you encode Sessions at all time and if not what type of Session.

All depends on the application and your own level of paranoia.

> 4. Is it dangerous to pass one Session on several Pages?

Nope, it's the essence of sessions. How else to get the session data
shared between pages?

> 5. What about locking a Session to an IP ......(tips needed)

Don't. Some ISPs host a pool of addresses and the user's IP may switch
during a single session.

> 5. Session Security tips please.

This was just discussed in another thread here on sessions today.
Search the archives.

> Thank You All.

Cat, the other other white meat