mostafatalebi Posted August 28, 2013 Share Posted August 28, 2013 Hello everybody I'm developing a website. This website neither uses framework nor uses CMS, and I'm going totally bare with PHP. My question is that, is it ok to go with simple $_SESSION['username'] variable or for better performance (and of course more secure environment) I can go with some methods of encryption? Can anyone help me please. I want to see if there is a proper way of securing sessions. thanks in advance Quote Link to comment Share on other sites More sharing options...
kicken Posted August 28, 2013 Share Posted August 28, 2013 (edited) Simple sessions is fine. There is no need to do any encryption of the session data. For performance you could try using a session handler that uses memcache or similar rather than the default file-based handler. As far as securing sessions goes, read up on things like session hijacking / session fixation. If you will be on shared hosting, you'll also want to change the session save path to something under your directory rather than the system default. Edited August 28, 2013 by kicken Quote Link to comment Share on other sites More sharing options...
mostafatalebi Posted August 28, 2013 Author Share Posted August 28, 2013 Good answer. specially that of session save-address Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.