Actually I have had a couple people respond about the code order that I
wrote, so I am going to try and see if that works.
You're right I do store the username/passwd in the session, and I do encrypt
both the session password and the database password. I am trying to make
this very secure :) Yo
destroying session vars never worked for me either. it hasnt for quite some
time. now why its important you destoy them other then cleanup, I dont know
your reasons. Im going to guess.
- you store username/passwd in sessions and because httpd runs as nobody,
anyone on the server can read them. an
2 matches
Mail list logo