For the authentication you can do a form; it will pass the login
information to some class that does the SQL validation and puts the
user's information in the session, but not the password. I prefer to put it in
the session because when he closes the browser the session will go down.
for 2 ,
On the first point, session variables are not something people can get
to from the client side unless you send them to them. What you see on
the client side is a session identifier that allows the server to
retrieve the actual session values.
You don't need to encode all the session for security; if you want more
security for some variables, encode just those.
One of the intentions of the session is to store information for the easy
I think it's not a good idea; the IP can change in the middle of the application.
Programmer PHP, CSS, Java, PostgreSQL;
Today PHP, tomorrow Java, after the world.
Kyou wa PHP, ashita wa Java, sono ato sekai desu.
> Date: Wed, 22 Jul 2009 10:19:44 -0700
> From: darrenwi...@yahoo.com
> To: firstname.lastname@example.org
> Subject: [PHP] Session Confusion.
> Dear Forums,
> Kindly advise me professionally because I am getting more confused on what to
> do about my application that needs to be online very soon.
> The fear is about Session and Authentication.
> Here are my questions.
> 1. Must a Page Authentication be done by Session or Cookie? If not, what are
> the other options?
> 2. How secure is a Session without encoding?
> 3. Must you encode Sessions at all times, and if not, what type of Session?
> 4. Is it dangerous to pass one Session on several Pages?
> 5. What about locking a Session to an IP ......(tips needed)
> 5. Session Security tips please.
> Thank You All.
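The login flow described in the reply above (form values checked against the database, then user details but not the password placed in the session, with only the session identifier going to the browser), as an added PHP example that is not part of the thread. The `users` table, its columns, the function names and the sample account are assumptions constructed for the demo.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The `users` table, its columns and
// the sample account are constructed for the demo (in-memory SQLite via PDO).

function start_session(): void
{
    // The browser only receives the session identifier cookie;
    // everything stored in $_SESSION stays on the server.
    session_set_cookie_params([
        'lifetime' => 0,      // cookie is dropped when the browser closes
        'httponly' => true,   // not readable from JavaScript
        'secure'   => true,   // sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(PDO $db, string $name, string $password): bool
{
    // Prepared statement: the form value is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, name, password_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);             // fresh identifier after login
    $_SESSION['user_id']   = (int) $user['id'];
    $_SESSION['user_name'] = $user['name'];  // user details, never the password
    return true;
}

// Constructed sample data standing in for the real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password_hash TEXT)');
$db->prepare('INSERT INTO users (name, password_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

start_session();
// Results are collected first so nothing is printed before the session calls.
$rejected = login($db, 'alice', 'wrong guess');
$accepted = login($db, 'alice', 'correct horse');
var_dump($rejected, $accepted, $_SESSION);
```

In a real page the two `login()` calls are replaced by one call fed from the submitted form fields, and protected pages check `$_SESSION['user_id']` after `start_session()`.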