Marc Delisle wrote:
Garvin Hicking a écrit :
Hi!
(I can only agree to what Michal said - it's only not implemented because nobody got down to do it)
If you're going to implement this, do not forget that sessions should work also without cookies enabled.
I agree with sessions. Even if we ask as a requirement PHP 4.1.0
from the PMA docu:
You need PHP 4.1.0 or newer (*)
;-), nothing changes ...
minimum, maybe it's better to have the choice of using sessions or not. We could look the possibility of using some kind of plugin mechanism for passing data.
There is also a problem about which Marc and I talked in the past. We should not store sensitive information like passwords in sessions, as usually all session data can be accessed from untrusted users on the same webserver, as session files are readable for everyone usually.
We currently use blowfish for hiding user name and password in the cookies, so we should continue this way with sessions. But other sensitive data contained in a query (a social security number, for example) may find it's way in session data, so we have to deal with this. Encrypt everything? With mcrypt it would not be too bad, without mcrypt, ouch.
you speaking about storing results in the session?
in most cases, i think, it would not be faster storing a result in the session than query the database again! - so store results in the session makes no sense - only for slow querys - and this can be a configuration thing -
scfg['SaveSlowQueryResultsInSession']