On Saturday, 16 July 2011 at 22:16 -0700, Phil Van wrote:
> Back to Vincent's original request about session id and login: 

> (if you are using https, then all the above procedures do not matter)
> 

It's via https, yes.

> The second idea is that you may not need to store session on the
> server at all: if the information in the session is merely user
> information such as user id, name, email etc., you can concatenate
> them into the cookie value (again, sign it). So the next time the user
> visits, you automatically get that information back from the cookie.

I am trying to avoid this, actually: the cookie only holds the session
id for retrieval. The hash stored on the server holds various parameters
for the user's session. 

Very convenient for customization. For instance, I'm using it to store
field headers, which the client can then set to his liking.

-- 
Vincent Veyron
http://marica.fr/
Claims and litigation management software for legal departments
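
The two designs discussed in this message, side by side, as an added example that is not part of the original email or of either poster's code. The function names, the JSON payload and the HMAC-SHA256 signature are assumptions chosen for illustration; the user record is constructed sample data.

```python
import base64, hashlib, hmac, json, secrets

SECRET_KEY = secrets.token_bytes(32)  # assumption: secret known only to the server
SESSIONS = {}  # server-side store: session id -> session parameters

def b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload):
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()

def make_signed_cookie(user):
    """Stateless design: user data travels in the cookie with an HMAC tag."""
    payload = json.dumps(user, sort_keys=True).encode()
    return b64(payload) + "." + b64(sign(payload))

def read_signed_cookie(cookie):
    """Return the user dict, or None if the cookie is malformed or modified."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload, tag = unb64(payload_b64), unb64(tag_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Constant-time comparison so the check does not leak how many bytes match.
    if not hmac.compare_digest(tag, sign(payload)):
        return None
    return json.loads(payload)

def create_session(params):
    """Server-side design: the cookie carries only an unguessable id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = dict(params)
    return sid

def load_session(sid):
    return SESSIONS.get(sid)

if __name__ == "__main__":
    user = {"id": 42, "name": "Alice", "email": "alice@example.test"}  # constructed
    cookie = make_signed_cookie(user)
    print("signed cookie:", cookie)
    print("payload is readable by the client:", unb64(cookie.split(".")[0]))
    sid = create_session({"field_headers": ["Ref", "Date", "Status"]})
    print("session cookie:", sid, "->", load_session(sid))
```

The signature protects integrity only: the signed cookie's contents remain readable by the client, whereas the session-id design keeps every parameter on the server.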
