Alain Roger wrote: > Hi Brad, > > yes this is one possibility, but since i use https, i should not be > afraid > by storing data in $_SESSION variables.
Just a note that while SSL may help to protect the session id from being packet sniffed you should still be concerned about storing sensitive data in _SESSION. Anyone local to the system can probably read plaintext session data from the session cache. HTTPS only protects communications between the client and the server at best, do be afraid! Travis Doherty -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
