On Wed, Jul 22, 2009 at 1:19 PM, Dare Williams <darrenwilly@xxxxxxxxx> wrote:
> Dear Forums,
>
> Kindly advise me professionally because I am getting more confused on what to do about my application that needs to be online very soon.
>
> The fear is about Session and Authentication.
>
> Here are my questions.
> 1. Must a Page Authentication be done by Session or Cookie? If not, what are the other options?

hidden id field in the HTML form

> 2. How secure is Session without encoding?

encoding data? can be done, but as long as the session is stored local to the site and not in a shared folder on a shared hosting machine, it's pretty safe

Another option is to store the session in the database

> 3. Must you encode Sessions at all times, and if not, what type of Session?

all depends on the application and your own level of paranoia

> 4. Is it dangerous to pass one Session on several Pages?

Nope, it's the essence of sessions. How else to get the session data shared between pages?

> 5. What about locking a Session to an IP ......(tips needed)

Don't. Some ISPs host a pool of addresses and the user's IP may switch during a single session.

> 5. Session Security tips please.

This was just discussed in another thread here on sessions today. Search the archives.

>
> Thank You All.
>
> Williams.
>

--
Bastien

Cat, the other other white meat