[nycphp-talk] Session Thoughts
Chris Shiflett
shiflett at php.net
Fri Oct 31 14:35:08 EST 2003
--- Keith Richardson <keith.richardson at thompsonhealth.com> wrote:
> for a little bit of stability, you could store the session id and
> ip address in a database

A Web application should only use data in the HTTP layer in most
cases. The only exception is if you are in a very controlled
environment with a specific pool of users. If you are developing a
Web application for public users, using anything from the TCP/IP
layer is probably going to cause problems for your legitimate users
and doesn't really offer any advantages.

> i would think of looking at some other source code, like phpbb

I think it would be better to observe the practices of places like
Amazon and Yahoo. phpBB and many open source PHP applications are
very poor examples of a lot of things, especially security. Dan's
emails to this list demonstrate that.

Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
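
The contrast discussed in the message above, as an added example that is not part of the original post and not Chris Shiflett's code. It assumes one legitimate user whose requests arrive through a proxy pool with changing addresses, and it assumes the User-Agent header as the HTTP-layer value; the message names neither, and the function names are hypothetical.

```php
<?php
// Added example, not from the original message. Constructed requests only.

// Binding the session to the TCP/IP layer: the client address.
function ip_bound_ok(array $stored, array $request): bool
{
    return hash_equals($stored['ip'], $request['REMOTE_ADDR']);
}

// Binding the session to HTTP-layer data. Using the User-Agent header
// is an assumption of this example; the message names no header.
function http_bound_ok(array $stored, array $request): bool
{
    $ua = $request['HTTP_USER_AGENT'] ?? '';
    return hash_equals($stored['ua_hash'], hash('sha256', $ua));
}

// Constructed traffic: one legitimate user behind a proxy pool, so each
// request reaches the server from a different address (documentation range).
$ua = 'Mozilla/5.0 (constructed sample)';
$requests = [
    ['REMOTE_ADDR' => '192.0.2.10',  'HTTP_USER_AGENT' => $ua],
    ['REMOTE_ADDR' => '192.0.2.57',  'HTTP_USER_AGENT' => $ua],
    ['REMOTE_ADDR' => '192.0.2.113', 'HTTP_USER_AGENT' => $ua],
];

// What the server recorded when the session started (first request).
$stored = [
    'ip'      => $requests[0]['REMOTE_ADDR'],
    'ua_hash' => hash('sha256', $requests[0]['HTTP_USER_AGENT']),
];

// Evaluate every request against both bindings.
foreach ($requests as $i => $r) {
    printf(
        "request %d from %-12s ip-bound: %-6s http-bound: %s\n",
        $i + 1,
        $r['REMOTE_ADDR'],
        ip_bound_ok($stored, $r) ? 'accept' : 'REJECT',
        http_bound_ok($stored, $r) ? 'accept' : 'REJECT'
    );
}
```

A header comparison like this is only a consistency signal, because the client supplies the header; the session identifier remains the credential.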