Bram Wenting Posted December 31, 2008 Report Posted December 31, 2008 (edited) Hi everybody! Sessions are commonly used by php programmers when creating a login system or a webshop (etcetera..). A couple of weeks ago, some guy pointed out that sessions aren't as save as we think. But is that really true? Are sessions not safe for us to use in commercial scripts, in other words, should we write our own (custom) session system like (for example) PHPBB? My opinion: as long as we don't save private (un-encoded) information in sessions, we can use them in our scripts. I would love to hear your opinion! Bram Wenting Edited December 31, 2008 by Bram Wenting Quote
shelfimage Posted December 31, 2008 Report Posted December 31, 2008 I have no problem with well written sessions. Does the Facebook Connect approach do anything differently? 180 seconds between posts!? I barely have 3 minutes to visit...LOL maybe because I'm still a new member!? Gosh I still feel like an old member... Quote
falkencreative Posted December 31, 2008 Report Posted December 31, 2008 I haven't heard anything about sessions being unsafe, although there probably are ways to make it unsafe if it isn't well written. I know you don't store data that needs to be secure in cookies, but I believe sessions should be fine. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.