On Tue, 2005-10-11 at 00:25 +0200, Oliver Grätz wrote:
Dan Brow schrieb:
Thanks, figured that would be the case. Can't for life of me think why I
wanted to do that, must have had a brain infarction. I want to have an
expired session prompt so people can log back in with out having to
Richard Davey wrote:
Agreed totally, I am curious as to why this question seems to get
asked a LOT though. I wonder what it is that causes this? (other than
inexperience) I mean there must be some common end result these
developers are hoping to obtain, resulting in a password being stashed
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
Thanks,
Dan.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[snip]
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
[/snip]
I would think it neither safe nor practical. Once a user has logged in
having the password in SESSION would be useless.
--
PHP General Mailing List
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
Probably not. If you're on a shared server, I could write a PHP script to
look in /tmp and read the contents of every session file there...
-philip
--
PHP General Mailing List
Hi Dan,
Monday, October 10, 2005, 7:43:31 PM, you wrote:
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
No, and no (well, not if you want to be safe)
More to the point - why would you ever want to? If you've found
yourself in
Hi Jay,
Monday, October 10, 2005, 7:36:12 PM, you wrote:
I would think it neither safe nor practical. Once a user has logged
in having the password in SESSION would be useless.
Agreed totally, I am curious as to why this question seems to get
asked a LOT though. I wonder what it is that
Thanks, figured that would be the case. Can't for life of me think why I
wanted to do that, must have had a brain infarction. I want to have an
expired session prompt so people can log back in with out having to
start at the login page. Would having the users login saved in $_SESSION
be alright?
:05 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Thanks, figured that would be the case. Can't for life of me
think why I wanted to do that, must have had a brain
infarction. I want to have an expired session prompt so
people can log back in with out having
??
-Original Message-
From: Dan Brow [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 3:05 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Thanks, figured that would be the case. Can't for life of me
think why I wanted to do that, must have had a brain
?
On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
If the session expired.. how will session hold their user id??
-Original Message-
From: Dan Brow [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 3:05 PM
To: PHP-Users
Subject: Re: [PHP] storing
-
From: Dan Brow [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 3:05 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Thanks, figured that would be the case. Can't for life of me
think why I wanted to do that, must have had a brain
: [PHP] storing passwords in $_SESSION
Thanks, figured that would be the case. Can't for life of me
think why I wanted to do that, must have had a brain
infarction. I want to have an expired session prompt so
people can log back in with out having to start at the login
-Original Message-
From: Dan Brow [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 4:51 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Sorry for the confusion, I should have changed the subject line to
reflect my new idea.
Thanks.
On Mon, 2005-10-10 at 22:03 +0200, Emil
Dan Brow schrieb:
Thanks, figured that would be the case. Can't for life of me think why I
wanted to do that, must have had a brain infarction. I want to have an
expired session prompt so people can log back in with out having to
start at the login page. Would having the users login saved in
15 matches
Mail list logo