corbin Posted May 28, 2009 Share Posted May 28, 2009 I still wouldn't attempt to store a password in a session. Other 'remember me' info? Sure. But I'm pretty anal retentive about keeping user passwords safe. That's not being all the paranoid. On shared hosting, someone else could get into your sessions then potentially see passwords. Link to comment https://forums.phpfreaks.com/topic/160012-why-would-you-store-a-pasword-in-a-cookie/page/2/#findComment-844490 Share on other sites More sharing options...
Daniel0 Posted May 28, 2009 Share Posted May 28, 2009 Which is one of the reasons shared hosting sucks. You could easily write a custom session handler to store session data in the database instead of files on the server though. Link to comment https://forums.phpfreaks.com/topic/160012-why-would-you-store-a-pasword-in-a-cookie/page/2/#findComment-844495 Share on other sites More sharing options...
corbin Posted May 28, 2009 Share Posted May 28, 2009 If the host used something like suexec, you could also change the folder where PHP saved the session files. But.... Link to comment https://forums.phpfreaks.com/topic/160012-why-would-you-store-a-pasword-in-a-cookie/page/2/#findComment-844512 Share on other sites More sharing options...
roopurt18 Posted May 28, 2009 Share Posted May 28, 2009 The only user information I keep in sessions is UserId. If it's false, the user is a guest. Otherwise it's their database primary key. Anything else you need can be retrieved from that. Link to comment https://forums.phpfreaks.com/topic/160012-why-would-you-store-a-pasword-in-a-cookie/page/2/#findComment-844514 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.