CodeIgniter Forums
Password in Session Variables? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Password in Session Variables? (/thread-27380.html)



Password in Session Variables? - El Forum - 02-09-2010

[eluser]alexanderweiss[/eluser]
For a new app I am developing I need to have access to the user password several times during a session (imap server). So either I have to ask for the password every time a page is loaded, or I would have to store the password in the session.

Would this be safe/secure enough?

Thank you!


Password in Session Variables? - El Forum - 02-09-2010

[eluser]richthegeek[/eluser]
there are easier ways - store a per-session hash in the session/cookie and in the database related to that users row.

For example, create a hash like "sha1( time() . rand() )" and store that |40| hex in both then query for that.


Password in Session Variables? - El Forum - 02-09-2010

[eluser]alexanderweiss[/eluser]
[quote author="richthegeek" date="1265739300"]there are easier ways - store a per-session hash in the session/cookie and in the database related to that users row.

For example, create a hash like "sha1( time() . rand() )" and store that |40| hex in both then query for that.[/quote]

You mean I should put the password in a table, along with this hash? So I can retrieve the password when I query for the hash.