Welcome Guest, Not a member yet? Register   Sign In
Password in Session Variables?
#1

[eluser]alexanderweiss[/eluser]
For a new app I am developing I need to have access to the user password several times during a session (imap server). So either I have to ask for the password every time a page is loaded, or I would have to store the password in the session.

Would this be safe/secure enough?

Thank you!
#2

[eluser]richthegeek[/eluser]
there are easier ways - store a per-session hash in the session/cookie and in the database related to that users row.

For example, create a hash like "sha1( time() . rand() )" and store that |40| hex in both then query for that.
#3

[eluser]alexanderweiss[/eluser]
[quote author="richthegeek" date="1265739300"]there are easier ways - store a per-session hash in the session/cookie and in the database related to that users row.

For example, create a hash like "sha1( time() . rand() )" and store that |40| hex in both then query for that.[/quote]

You mean I should put the password in a table, along with this hash? So I can retrieve the password when I query for the hash.




Theme © iAndrew 2016 - Forum software by © MyBB