RE: To session or not to session

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



mailings@xxxxxxxxxxxxxxxx <mailto:mailings@xxxxxxxxxxxxxxxx>
    on Tuesday, April 05, 2005 2:25 PM said:

> Right now I am giving a trust factor of 80% to POST and 0% on GET. 
> What trust factor should I apply to SESSION

What do you mean "trust"? If by trust you mean "I trust the data to be
80% h4x0r-free if I'm receiving it through POST" then I'd say you should
move that 80% to 0%. On the other hand if you have a different
definition, please share it.

> Should I implement a SESSIONless feature in case SESSION is not
> available?

Session's are available by default (IIRC) because PHP appends the
PHPSESSID to the URL automatically when cookies are not available. In
any case, I guess it depends exactly on the site's functional
requirements for you to determine whether or not some kind of session
tracking is necessary. As far as I'm concerned, if a person wants any
sort of personalized data (custom settings, user account, ability to
create a cart and checkout [whatever the case may be]) then they should
have no problem having a cookie set on their system.



HTH,
Chris.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux