[SOLVED] Passing Data to another Page using $_SESSION's

[bri0987]

Is passing information from one page to another page using $_SESSION okay and secure.

 

Like First name, last name, address, social security number.

 

... or is there a more secure way of passing the information?

 

Thanks,

 

BRI

[rajivgonsalves]

Yes it is quite secure, because the actual data is stored on the server the only thing the client gets is the sess_id so it should be secure.

[rajivgonsalves]

however I would not recommend storing the social security number anywhere in the session as it could be accessed by anyone who has access on the servers because your session data mostly gets stored in sess_ files in your tmp directory on the server.

[wsantos]

however I would not recommend storing the social security number anywhere in the session as it could be accessed by anyone who has access on the servers because your session data mostly gets stored in sess_ files in your tmp directory on the server.

 

This can be offset by good network security though.

[bri0987]

Then how can I get the info to the other page...

 

(I do not want to store the info into a database... I think that would be a BIG mistake).

 

What else can I do?

[rajivgonsalves]

you could encrypt the sensitive information and store it in the session using some kind of encryption alogrithim and then when its on the other page just decrypt it so if someone gets hold of your sess_ file they will not be able to make sense of it unless they know the encryption alogrithim

[bri0987]

ok... You know of any easy to use encryption and decryption  functions by any chance?

[rajivgonsalves]

take a look at the following link it might help

 

http://www.weberdev.com/get_example-4162.html