mostafatalebi Posted August 28, 2013 Share Posted August 28, 2013 Hello everybody I'm developing a website. This website neither uses framework nor uses CMS, and I'm going totally bare with PHP. My question is that, is it ok to go with simple $_SESSION['username'] variable or for better performance (and of course more secure environment) I can go with some methods of encryption? Can anyone help me please. I want to see if there is a proper way of securing sessions. thanks in advance Link to comment https://forums.phpfreaks.com/topic/281629-a-question-on-sessions/ Share on other sites More sharing options...
kicken Posted August 28, 2013 Share Posted August 28, 2013 Simple sessions is fine. There is no need to do any encryption of the session data. For performance you could try using a session handler that uses memcache or similar rather than the default file-based handler. As far as securing sessions goes, read up on things like session hijacking / session fixation. If you will be on shared hosting, you'll also want to change the session save path to something under your directory rather than the system default. Link to comment https://forums.phpfreaks.com/topic/281629-a-question-on-sessions/#findComment-1447119 Share on other sites More sharing options...
mostafatalebi Posted August 28, 2013 Author Share Posted August 28, 2013 Good answer. specially that of session save-address Link to comment https://forums.phpfreaks.com/topic/281629-a-question-on-sessions/#findComment-1447121 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.