On Tue, 2005-10-11 at 00:25 +0200, Oliver Grätz wrote:
> Dan Brow schrieb:
> > Thanks, figured that would be the case. Can't for life of me think why I
> > wanted to do that, must have had a brain infarction. I want to have an
> > expired session prompt so people can log back in with out having to
Richard Davey wrote:
Agreed totally, I am curious as to why this question seems to get
asked a LOT though. I wonder what it is that causes this? (other than
inexperience) I mean there must be some common end result these
developers are hoping to obtain, resulting in a password being stashed
aw
Dan Brow schrieb:
> Thanks, figured that would be the case. Can't for life of me think why I
> wanted to do that, must have had a brain infarction. I want to have an
> expired session prompt so people can log back in with out having to
> start at the login page. Would having the users login saved i
ogin type script.
- Jeff
-Original Message-
From: Dan Brow [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 4:51 PM
To: PHP-Users
Subject: Re: [PHP] storing passwords in $_SESSION
Sorry for the confusion, I should have changed the subject line to
reflect my new idea.
Thanks.
On Mon,
14:59 -0400, Kilbride, James wrote:
> > > > > If the session expired.. how will session hold their user id??
> > > > >
> > > > > > -Original Message-
> > > > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > >
;
> > > On Mon, 2005-10-10 at 14:59 -0400, Kilbride, James wrote:
> > > > If the session expired.. how will session hold their user id??
> > > >
> > > > > -Original Message-
> > > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
>
ginal Message-
> > > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, October 10, 2005 3:05 PM
> > > > To: PHP-Users
> > > > Subject: Re: [PHP] storing passwords in $_SESSION
> > > >
> > > > Thanks, figured that w
ssion expired.. how will session hold their user id??
> >
> > > -Original Message-
> > > From: Dan Brow [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, October 10, 2005 3:05 PM
> > > To: PHP-Users
> > > Subject: Re: [PHP] storing passwords i
Sent: Monday, October 10, 2005 3:05 PM
> > To: PHP-Users
> > Subject: Re: [PHP] storing passwords in $_SESSION
> >
> > Thanks, figured that would be the case. Can't for life of me
> > think why I wanted to do that, must have had a brain
> > infarction. I w
Thanks, figured that would be the case. Can't for life of me think why I
wanted to do that, must have had a brain infarction. I want to have an
expired session prompt so people can log back in with out having to
start at the login page. Would having the users login saved in $_SESSION
be alright? pr
Hi Dan,
Monday, October 10, 2005, 7:43:31 PM, you wrote:
> How secure is it to save a password in $_SESSION.
> i.e. $_SESSION['password']
> is it safe and is it practical?
No, and no (well, not if you want to be safe)
More to the point - why would you ever want to? If you've found
yourself i
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
Probably not. If you're on a shared server, I could write a PHP script to
look in /tmp and read the contents of every session file there...
-philip
--
PHP General Mailing List (htt
[snip]
How secure is it to save a password in $_SESSION.
i.e. $_SESSION['password']
is it safe and is it practical?
[/snip]
I would think it neither safe nor practical. Once a user has logged in
having the password in SESSION would be useless.
--
PHP General Mailing List (http://www.php.net/)
13 matches
Mail list logo
