Tijnema ! escribió:
On 4/9/07, Martin Marques <martin@xxxxxxxxxxxxxxx> wrote:
Yes:
Don't use transparent session id, or even better, save the
authentication in a cookie on the client (seperated from the session
array).
And then the user would crack the cookie ....
I know they are encrypted, but trust me, cookies can be edited.
So what? The user authenticated himself, so what is he gonna crack?
You want better info on this subject, see how webmail apps store the
suthentication information (gmail.com comes to mind now).
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
---------------------------------------------------------
Martín Marqués | Programador, DBA
Centro de Telemática | Administrador
Universidad Nacional
del Litoral
---------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
