[aklug] PHP Sessions

From: Christopher Howard <choward@indicium.us>
Date: Thu May 14 2009 - 16:52:19 AKDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm writing my first authentication framework with PHP/MySQL (for work)
and I just wanted to make sure I understood this correctly: Say we start
a PHP session. The session ID gets stored in the cookie/URL, but all the
session data I add (user name, user category, etc.) is all stored on the
server, right? (And not in the cookie?)

That is how it works with Perl/CGI, but I just wanted to check before I
go and open some kind of massive security hole.

- --
Christopher Howard
http://indicium.us
http://theologia.indicium.us

I digitally sign /all/ of my e-mails via PGP. If you receive any e-mail
from me without my valid PGP signature, please take additional steps to
verify the authenticity of the message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoMvMIACgkQQ5FLNdi0BcVB8wCeIFJoOSVXjxth4onCwANV0sI0
8PUAnA7Krn/Jj9VzUlbCMk+ykgtNNcAy
=pDt3
-----END PGP SIGNATURE-----
Received on Thu May 14 16:52:31 2009
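
The split the question asks about (session ID with the client, session data on the server) can be observed directly. The script below is an added example, not part of the original post. It assumes PHP 7 or later run from the CLI with the default `files` save handler; the scratch directory name and the user name/category values are constructed for the demo.

```php
<?php
// Added example, not from the original post. Run from the CLI: php session_demo.php
// Assumptions: "files" save handler and the default "php" serialize handler;
// the user name and category values below are constructed sample data.

// Keep the demo's session files in a private scratch directory.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
ini_set('session.save_handler', 'files');
session_save_path($dir);

// Settings relevant to the "cookie/URL" part of the question:
ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
ini_set('session.cookie_httponly', '1');  // hide the cookie from page scripts

session_start();
$_SESSION['user_name'] = 'choward';
$_SESSION['user_category'] = 'admin';

// The only thing the client is given: cookie name and opaque session ID.
$cookie = session_name() . '=' . session_id();
session_write_close(); // flush $_SESSION to the server-side store

// What the server keeps, keyed by that ID.
$file = $dir . '/sess_' . session_id();
$stored = file_get_contents($file);

echo "Sent to client : $cookie\n";
echo "Kept on server : $stored\n";

// The session data must not appear in what the client receives.
foreach ($_SESSION as $value) {
    if (strpos($cookie, (string) $value) !== false) {
        throw new RuntimeException('session data leaked into the cookie');
    }
}

// Clean up the demo's session file and scratch directory.
unlink($file);
rmdir($dir);
```

Because the ID is the only link between client and server-side data, anyone who obtains it can present it as their own, which is why the cookie-only and strict-mode settings are set before `session_start()`.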
