PHP - What to store in a session?

Posted by eWolf on Stack Overflow See other posts from Stack Overflow or by eWolf
Published on 2010-04-26T19:43:04Z Indexed on 2010/04/26 20:03 UTC
Read the original article Hit count: 244

Filed under:
|
|
|

I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session.

But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead of just the user id in the session. Why?

The content of a session cannot be obtained by a client - or can it?

© Stack Overflow or respective owner

Related posts about php

Related posts about session