  1. #1
    Regular Coder
    Join Date
    Aug 2003
    Thanked 0 Times in 0 Posts

    retrieving users info without storing the userID in a session var.


    I've read here and there that storing the userID in a session after the login process was an evil thing.

    First question: I would like to understand why? I mean, passing some data identifying the user in the url doesn't seem to be a better solution to me. Is it because of cross site scripting and security issues like that?

    Second question: what would be a good solution to retrieve users data the 'most secure way'?

    thanks a lot for your time

  2. #2
    New Coder
    Join Date
    May 2004
    Thanked 0 Times in 0 Posts
    For me, I find sessions to be the most secure way. Another less secure way is cookies. I use both. For those wanting to save their password so they don't have to log in each time, I use cookies which then store that value in the session. I simply compare the password and username. To make sure that someone will not keep changing the password either, encrypt it. Not sure if this is the answer you're looking for but that's the only way I figured I could get it done securely...
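
The session-plus-cookie flow discussed in this thread, as an added example that is not code from either poster. It keeps the user ID in a server-side session and, instead of the password-in-cookie approach described in #2, uses a random single-use "remember me" token; the in-memory dicts and all function names are assumptions standing in for a real session backend and database.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory stores (assumptions) standing in for real backends.
SESSIONS = {}          # session_id -> user_id, kept on the server only
REMEMBER_TOKENS = {}   # selector -> (sha256 of validator, user_id)


def start_session(user_id):
    """Create a server-side session; the browser only gets the random ID."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = user_id
    return session_id


def current_user(session_id):
    """Resolve a session cookie value to a user ID, or None if unknown."""
    return SESSIONS.get(session_id)


def issue_remember_cookie(user_id):
    """Return 'selector:validator'; only a hash of the validator is stored."""
    selector = secrets.token_urlsafe(9)
    validator = secrets.token_urlsafe(32)
    digest = hashlib.sha256(validator.encode()).hexdigest()
    REMEMBER_TOKENS[selector] = (digest, user_id)
    return f"{selector}:{validator}"


def login_from_remember_cookie(cookie_value):
    """Check the cookie, rotate it, and open a fresh session.

    Returns (session_id, new_cookie_value), or None if the cookie is invalid.
    """
    selector, sep, validator = cookie_value.partition(":")
    if not sep:
        return None
    # Single use: the stored record is removed whether or not it matches.
    record = REMEMBER_TOKENS.pop(selector, None)
    if record is None:
        return None
    digest, user_id = record
    presented = hashlib.sha256(validator.encode()).hexdigest()
    if not hmac.compare_digest(digest, presented):
        return None
    return start_session(user_id), issue_remember_cookie(user_id)
```

When either value is sent to the browser, set the cookie with the Secure and HttpOnly attributes so it is not sent over plain HTTP or readable from page script.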

