I'm currently storing the username and password directly in cookies (the password isn't even md5()'d). I'm just wondering if there's security risks/whatever in sessions. I've seen that most sites seem to store the login data directly in the cookie (with the password md5()'d). Is that because there's something wrong with sessions, or did they just not use them for no reason? Thanks.
Justin French wrote: >How is it currently storing it? > >Sessions are fine, depending on how the code is written, and the obviouse >downside to COOKIE based sessions is that they will break on non-cookie >browsers, so a smarter move is to use URL based sessions. > >A more focused question will of course result in a more focused answer :) > >Justin French > > >on 15/06/02 6:59 PM, Leif K-Brooks ([EMAIL PROTECTED]) wrote: > > > >>I am planning to change how my site stores logins to using sessions. >>Are there any reasons not to do this? Reasons against it I should >>know? Thanks for your input. >> >> >> > > > >
