Should a Password be stored in $_SESSION

[Werezwolf]

I think the title is very clear but i have a site that has 2 user databases, one for web mail (Round cube) and one for a directory of content that the user has to be authenticated for.

 

I was wondering if i should throw the password in $_SESSION and authenticate web mail if the user is logged in?

 

Obviously i should not send that password back to the client if it be encrypted or not but i would inject the username and password into the web mail authentication handler as if the user had already filled in the form.

 

Due to certain circumstances i am unable to merge the user databases.

 

If there are any other possibilities do recommend them instead.

 

 

 

[scootstah]

Absolutely not.

 

Can you not add the web mail hash to your other database?

[ginerjm]

The short answer is

 

NEVER

[Werezwolf]

Absolutely not.

 

Can you not add the web mail hash to your other database?

 

Right just had to make sure.

 

I'm unable to because it is Active Directory.