Posted by Vincent Delporte on 12/18/06 00:05
On Sun, 17 Dec 2006 23:33:23 GMT, Sanders Kaufman <bucky@kaufman.net>
wrote:
>When you have a session going, I know that PHP stores a session
>token on the client, but does it keep the session *data* on the
>client, as well?
>Or is the session data being stored on the server, and just
>indexed to the session token data?
If you use Firefox as your browser (Tools > Cookie Editor), you'll
see that calling session_start() creates a cookie for your domain
called PHPSESSID, which disappears once the window is closed, but can
be made permanent by writing the ad hoc code in a PHP script on the
server. This session ID can then be read by server-side scripts to
identify the user whenever a page is called.

Generally speaking, no data apart from this should be located on the
client, as this makes it too easy for hackers to hit your server. If
you really must save more data in cookies, make sure they're
encrypted.
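An added example, not part of the original post: a PHP page script showing the split the reply describes, with session data kept in server-side storage behind the PHPSESSID cookie and the one value that must live on the client sealed before it is sent. The post only says "encrypted"; libsodium's secretbox (authenticated encryption) is the choice made here, and the helper names, the `prefs` cookie and the `APP_COOKIE_KEY` environment variable are assumptions for illustration (PHP 7.3+ with the sodium extension, served over HTTPS).

```php
<?php
declare(strict_types=1);
// Added illustration. The helper names, the "prefs" cookie and the
// APP_COOKIE_KEY variable are assumptions, not from the original post.

// Encrypt and authenticate a value so the client can neither read nor alter it.
function seal_cookie(array $data, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = json_encode($data, JSON_THROW_ON_ERROR);
    return base64_encode($nonce . sodium_crypto_secretbox($json, $nonce, $key));
}

// Returns the stored array, or null when the cookie is malformed or was modified.
function open_cookie(string $cookie, string $key): ?array
{
    $raw = base64_decode($cookie, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    $data  = $plain === false ? null : json_decode($plain, true);
    return is_array($data) ? $data : null;
}

// Only the session ID travels in the PHPSESSID cookie; lifetime 0 drops it
// when the browser closes, a positive number of seconds makes it persistent.
session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                           'httponly' => true, 'samesite' => 'Lax']);
session_start();
$_SESSION['user_id'] = 1001; // constructed value, kept in server-side session storage

// Key: 32 random bytes, base64-encoded, provisioned outside the web root.
$key = base64_decode((string) getenv('APP_COOKIE_KEY'), true);
if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    http_response_code(500);
    exit('cookie key not configured');
}

// Data that really must live on the client goes out sealed, and is trusted
// on the way back only if open_cookie() verifies it.
$prefs = isset($_COOKIE['prefs']) ? open_cookie($_COOKIE['prefs'], $key) : null;
if ($prefs === null) {
    $prefs = ['theme' => 'light']; // constructed default
    setcookie('prefs', seal_cookie($prefs, $key), ['expires' => time() + 86400 * 30,
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
}
echo 'theme: ' . htmlspecialchars((string) ($prefs['theme'] ?? 'light'));
```

Inspecting the browser's cookies after a request shows only the opaque session ID and the sealed `prefs` blob; `user_id` never leaves the server.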