Werezwolf Posted February 5, 2015 Share Posted February 5, 2015 I think the title is very clear but i have a site that has 2 user databases, one for web mail (Round cube) and one for a directory of content that the user has to be authenticated for. I was wondering if i should throw the password in $_SESSION and authenticate web mail if the user is logged in? Obviously i should not send that password back to the client if it be encrypted or not but i would inject the username and password into the web mail authentication handler as if the user had already filled in the form. Due to certain circumstances i am unable to merge the user databases. If there are any other possibilities do recommend them instead. Quote Link to comment https://forums.phpfreaks.com/topic/294396-should-a-password-be-stored-in-_session/ Share on other sites More sharing options...
Solution scootstah Posted February 5, 2015 Solution Share Posted February 5, 2015 Absolutely not. Can you not add the web mail hash to your other database? Quote Link to comment https://forums.phpfreaks.com/topic/294396-should-a-password-be-stored-in-_session/#findComment-1504962 Share on other sites More sharing options...
ginerjm Posted February 5, 2015 Share Posted February 5, 2015 The short answer is NEVER Quote Link to comment https://forums.phpfreaks.com/topic/294396-should-a-password-be-stored-in-_session/#findComment-1505011 Share on other sites More sharing options...
Werezwolf Posted February 5, 2015 Author Share Posted February 5, 2015 Absolutely not. Can you not add the web mail hash to your other database? Right just had to make sure. I'm unable to because it is Active Directory. Quote Link to comment https://forums.phpfreaks.com/topic/294396-should-a-password-be-stored-in-_session/#findComment-1505035 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.