Session and Security

Results 1 to 2 of 2

Thread: Session and Security

  1. #1
    Join Date
    Dec 1969

    Default Session and Security

    Hello All,<BR> I want to develop an e-commerce site. I plan to authenticate users by comparing MD5 hashes between a SQL table and the hash of the entered password.<BR><BR>1. In terms of maintaining session state, I do not want to use cookies. However, I would like the session to eventually expire and for it to be secure. How should I go around implementing this? <BR><BR>2. When a user visits the main page it will provide a small Username/Password submit box and redirect to a logon page when a user clicks on submit. Whats the most secure/best way to validate the user - for example, assuming the user enters his/her correct info, do I process the request immediately and write to my state that the user is authenticated, then bring my user to the logon page that will check to see if the user is authenticated or do I pass the request to the logon page for it to process somehow? Plus the MD5 hashes might get messed up if I pass them through the URL...<BR><BR>Thanks, I also want to stay away from putting a session ID in the URL because then I have to worry about absolute/root URLs and its not the most secure way of going around things right?

  2. #2
    Join Date
    Dec 1969

    Default RE: Session and Security

    take your pick. you either maintain state with a cookie or you maintain in the URL. you can&#039;t have your cake AND eat it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts