27 Sep
2005
27 Sep
'05
6:44 a.m.
Hi!
(I can only agree to what Michal said - it's only not implemented because nobody got down to do it)
If you're going to implement this, do not forget that sessions should work also without cookies enabled.
There is also a problem about which Marc and I talked in the past. We should not store sensitive information like passwords in sessions, as usually all session data can be accessed from untrusted users on the same webserver, as session files are readable for everyone usually.
Also we need to think about what bad can happen when someone hijacks your session id, or uses session fixation.
Regards, Garvin
--
++ Garvin Hicking | Web-Entwickler [PHP] | www.garv.in | ICQ 21392242
++ Developer of | www.phpMyAdmin.net | www.s9y.org
++ Make me happy | http://wishes.garv.in