PHP - What to store in a session?
Posted
by eWolf
on Stack Overflow
See other posts from Stack Overflow
or by eWolf
Published on 2010-04-26T19:43:04Z
Indexed on
2010/04/26
20:03 UTC
Read the original article
Hit count: 247
I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session.
But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead of just the user id in the session. Why?
The content of a session cannot be obtained by a client - or can it?
© Stack Overflow or respective owner