Storing Encrypted Password in Session variables

Storing Encrypted Password in Session variables

El Forum
Guest

#12

12-05-2007, 05:56 AM

[eluser]xwero[/eluser]
Maybe logging is the wrong word, identifying is better i guess. If you look at the updateUserInfo method he uses the session variables. In addition there is the question about security of the session variables. This are the two things i based my replies on. If i misread it that's my fault Smile

In your method i don't see how the user is identified. In my eyes it reads someone is logged in so he can do more. Or do i misread that too?

I agree with you no password in the session but if you haven't unique ids there are other ways to identify someone without the users password as a session variable. I suggested a few solutions for that.

Messages In This Thread

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 04:11 AM

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 04:41 AM

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 04:52 AM

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 05:00 AM

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 09:30 AM

Storing Encrypted Password in Session variables - by El Forum - 12-04-2007, 09:59 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 04:39 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 04:56 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 05:03 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 05:24 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 05:41 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 05:56 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 06:15 AM

Storing Encrypted Password in Session variables - by El Forum - 12-05-2007, 07:40 AM