Hi there,
I have setup a site with session management but even the browser is closed
or after the default time expiration of the session, the user should be able
to see his/her personalized settings. I am nor using any cookies.
How can I make this happen without changing my session related code?
Making your session never expire is a bad idea, by doing this you are
most likely going to be using the same session id forever which gives
attackers a much longer amount of time to guess or brute force a session
id AND you will continue to use hard drive space and inodes on your
server because gc
on 18/02/03 1:40 AM, Altug Sahin ([EMAIL PROTECTED]) wrote:
Hi there,
I have setup a site with session management but even the browser is closed
or after the default time expiration of the session, the user should be able
to see his/her personalized settings. I am nor using any cookies.
You shouldn't store user password in cookies on a browser, instead a
more secure method for the user is:
On your login form offer the ability to be remembered, if they click the
Remember Me box generate a unique random ID (or 2 and combine them),
now store this ID in your database attached to
Nice!!
Justin French
on 18/02/03 12:54 PM, Jason Sheets ([EMAIL PROTECTED]) wrote:
You shouldn't store user password in cookies on a browser, instead a
more secure method for the user is:
On your login form offer the ability to be remembered, if they click the
Remember Me box generate a
5 matches
Mail list logo
