[nycphp-talk] Session Thoughts
Analysis & Solutions
danielc at analysisandsolutions.com
Fri Oct 31 13:36:45 EST 2003
Hi Mark:
On Fri, Oct 31, 2003 at 12:42:52PM -0500, Mark Armendariz wrote:
> I definitely see your point... Do you have a solution for a secure
> auto-login?
The answer is NO. Automatic logins are not secure. Don't use them.
Also, FYI, just set the SessionID in the cookie. Store the fact that
they're logged in or not in the session information (in the session
files/database/etc).
Second, set a timeout. It's really not a good idea to have open-ended
sessions. My preference is for the session to time out after ten minutes.
Have fun,
--Dan
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
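
The advice in the message above (only the session ID in the cookie, login state kept server-side, a ten-minute idle timeout), sketched as an added example that is not part of the original post. The function names, the session keys `user_id` and `last_seen`, and the assumption that the site is served over HTTPS on PHP 7.3 or later are illustrative.

```php
<?php
// Added example, not from the original message. Names are illustrative.
declare(strict_types=1);

const IDLE_LIMIT = 600; // ten minutes, the timeout preferred in the post

function start_secure_session(): void
{
    // The cookie carries nothing but the session ID.
    session_set_cookie_params([
        'lifetime' => 0,      // dies with the browser: no persistent auto-login
        'path'     => '/',
        'secure'   => true,   // assumption: the site is HTTPS-only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.gc_maxlifetime', (string) IDLE_LIMIT);
    session_start();
}

function mark_logged_in(int $userId, int $now): void
{
    session_regenerate_id(true);      // fresh ID at login, old one deleted
    $_SESSION['user_id']   = $userId; // login state lives in the session store
    $_SESSION['last_seen'] = $now;
}

function current_user(int $now): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'])) {
        return null;                  // never logged in
    }
    if ($now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];               // idle too long: drop server-side state
        session_destroy();
        return null;
    }
    $_SESSION['last_seen'] = $now;    // activity resets the idle clock
    return $_SESSION['user_id'];
}

// Typical use at the top of a protected page.
start_secure_session();
if (current_user(time()) === null) {
    http_response_code(401);
    exit("Please log in again.\n");
}
```

The timeout is enforced in `current_user()` rather than left to the cookie lifetime or the garbage collector, because the client controls the cookie and session garbage collection runs only probabilistically.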