On Wed, Jul 22, 2009 at 1:19 PM, Dare Williams<darrenwi...@yahoo.com> wrote:
> Dear Forums,
> Kindly advice me professionally because, am getting more confused on what to 
> do about my application that needed to be online very soon.
> The fear is about Session and Authentication.
> Here are my questions.
> 1.   Must a Page Authentication be done by Session or Cookie. If not what are 
> the other options.

hidden id field in the html form

> 2.   How secured is Session without encoding.

encoding data? can be done, but as long as the session is stored local
to the site and not in a shared folder on a shared hosting machine,
its pretty safe
Another option is to store the session in the database

> 3.   Must you encode Sessions at all time and if not what type of Session.

all depends on the application and your own level of paranoia

> 4.   Is it dangerous to pass one Session on several Page.

Nope, its the essence of sessions. How else to get the session data
shared between pages?

> 5.   What about locking a Session to an IP ......(tips needed)

Don't. Some ISPs host a pool of addresses and the user's IP may switch
during a single session.

> 5.   Session Security tips please.

This was just discussed in another thread here on sessions today.
Search the archives.

> Thank You All.
> Williams.



Cat, the other other white meat

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to