On Sat, 23 Jan 2010 09:32:37 -0500, (tedd) wrote:

At 1:13 PM +1100 1/23/10, wrote:
 but I would be grateful for any suggestions how I
could make this procedure more secure.
We have given you advice that you should NOT use Cookies in any fashion to secure your site, but you remain steadfast that you know better -- so, what else can we say other than good luck.

BUT you have told me to use sessions, and sessions use a Cookie!

If the Cookie I use contains random data, the only difference in security is in 
the time
that it remains valid.  Neither contains any useful information, but while they 
are valid
both will enable you to bypass security.

Using only sessions means you have the tried and true php session handling to manage the cookie, rather than re-inventing the wheel yourself by using your own random string to do the same thing that a session cookie already does.

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to