Topic: Your Opinion About Sessions

Hi everybody!

Sessions are commonly used by PHP programmers when creating a login system or a webshop (etc.). A couple of weeks ago, some guy pointed out that sessions aren't as safe as we think.
But is that really true? Are sessions not safe for us to use in commercial scripts? In other words, should we write our own (custom) session system like (for example) phpBB?
My opinion: as long as we don't save private (un-encoded) information in sessions, we can use them in our scripts.

I would love to hear your opinion!

Bram Wenting

Last edited by Bram Wenting (December 31, 2008 7:21 am)


Re: Your Opinion About Sessions

I have no problem with well-written sessions.

Does the Facebook Connect approach do anything differently?


180 seconds between posts!? I barely have 3 minutes to visit... LOL, maybe because I'm still a new member!? Gosh, I still feel like an old member... :)


Re: Your Opinion About Sessions

I haven't heard anything about sessions being unsafe, although there probably are ways to make it unsafe if it isn't well written. I know you don't store data that needs to be secure in cookies, but I believe sessions should be fine.

Benjamin Falk | Falken Creative : Twitter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
