On Tue, 16 Apr 2002 14:01, Manuel Lemos did align ASCII characters thusly:
> Probably the fastest way to keep session profile information is by
> serializing the data array into a string that will be encrypted and then
> stored in cookie. The security weakness of this method is that if the
> secret key leaks, hackers may use to forge new sessions.

Is this documented anywhere?

> A more secure but eventually less scalable method is to store the
> session data in a shared memory cache, so you minimize database accesses
> to just one after the server is restarted. This is probably the one you
> want to use as long you know how to deal with shared memory and
> semaphores.

Is this documented anywhere?

My understanding was that htaccess authentication was more secure than session based because of the problems of session hijacking???

Brad

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
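
The encrypted-cookie scheme from the first quoted paragraph, as an added example that is not part of the original thread. It assumes PHP 7.2+ with the sodium extension; the function names, the `exp` field and the sample data are hypothetical, and JSON stands in for `serialize()` so that cookie bytes never reach `unserialize()`.

```php
<?php
declare(strict_types=1);

// Added example: seal_session()/open_session() are hypothetical helper names.
// Encrypts and authenticates the session array so it can live in a cookie.
function seal_session(array $data, string $key, int $ttl = 3600): string
{
    $payload = json_encode(['exp' => time() + $ttl, 'data' => $data], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = sodium_crypto_secretbox($payload, $nonce, $key);
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

// Returns the session array, or null for malformed, altered or expired cookies.
function open_session(string $cookie, string $key): ?array
{
    try {
        $raw = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null;
    }
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        return null; // authentication tag did not verify under this key
    }
    $decoded = json_decode($plain, true);
    if (!is_array($decoded) || !isset($decoded['exp'], $decoded['data'])
        || !is_array($decoded['data']) || $decoded['exp'] < time()) {
        return null;
    }
    return $decoded['data'];
}

// Constructed demo values. In production the key lives in server-side config.
$key = sodium_crypto_secretbox_keygen();
$cookie = seal_session(['uid' => 42, 'role' => 'user'], $key);
var_dump(open_session($cookie, $key));              // round trip with the right key

$altered = $cookie;
$altered[0] = ($cookie[0] === 'A') ? 'B' : 'A';     // client edits the cookie
var_dump(open_session($altered, $key));

$rotated = sodium_crypto_secretbox_keygen();        // response to a suspected key leak
var_dump(open_session($cookie, $rotated));
```

Anything sealed under `$key` is accepted by `open_session()`, which is why the key is the single secret to protect; rotating it, as in the last call, invalidates every cookie issued under the old key.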