For the authentication you can do a form, it will pass the login
informations to some class who do the sql validation and put in session
the informations of user, but not the password, i prefer put in session
because when he close the browser the session will down

for 2 , 

On the first point, session variables are not something people can get 
to from the client side unless you send them to them.  What you see on 
the client side is a session identifier that allows the server to 
retrieve the actual session values.

for 3

You dont need encode all the session for the security, if you want more 
security for some variables, encode just these

for 4

One of the intentions of the session is store informations for the easy 
aplication access

for 5

I think its not a good idea, the ip can change in the middle of the aplication

Yuri Yarlei.
Programmer PHP, CSS, Java, PostregreSQL;
Today PHP, tomorrow Java, after the world.
Kyou wa PHP, ashita wa Java, sono ato sekai desu.

> Date: Wed, 22 Jul 2009 10:19:44 -0700
> From: darrenwi...@yahoo.com
> To: php-general@lists.php.net
> Subject: [PHP] Session Confusion.
> Dear Forums,
> Kindly advice me professionally because, am getting more confused on what to 
> do about my application that needed to be online very soon.
> The fear is about Session and Authentication.
> Here are my questions.
> 1.   Must a Page Authentication be done by Session or Cookie. If not what are 
> the other options.
> 2.   How secured is Session without encoding.
> 3.   Must you encode Sessions at all time and if not what type of Session.
> 4.   Is it dangerous to pass one Session on several Page.
> 5.   What about locking a Session to an IP ......(tips needed)
> 5.   Session Security tips please.
> Thank You All.
> Williams.

Descubra todas as novidades do novo Internet Explorer 8

Reply via email to