[eluser]adela[/eluser]
So, I assume it's okay to leave it as it is, right? I shouldn't worry about it, correct?
And last question. What's the difference to use session database because if someone steal the cookie/session id, he can still pretend to be the user ? I mean he can use this session id to fake the script that it's this user, so which is more secure anyway --> into a client side cookie encrypted or database session encrypted too? I believe both seems almost same just it has option to match user agents for example and etc but its useless for me because i want to allow people to login with different accounts on same IP address and same user agents otherwise if user agent match is active .. it will update rows with different user_data column ...
Thanks a lot for taking your time to answer me.
