> information should be hashed before they set it in a session.
> I said yes. Thanks for confirming my suspicions.
There's no need to hash sensitive information in Session variables, in order
to somehow protect them from spiders. A spider, just like any other HTTP
client, will at most be able to return the cookies that your server sets, in
which case your server will be able to store corresponding Session variables
for that spider. The spider won't be able to directly access those Session
variables, much less the Session variables of other clients.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
