If you want to be secure then the only data you should ever store in a cookie is a session ID and that session ID should be created in such a way as to make forging it nigh on impossible and with sensible timeouts on client and server.

And remember some people/institutions won't allow cookies so you should be able to offer alternatives - generally the query string (i.e. URL?sessioninfo=encryptedstring).

The server should be used for all other information - userinfo, shopping list etc. Not only is this good practice but it makes debugging a hell of a lot easier!

I'm trying not to be too technical here!

Tom te tom te tom

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
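
The approach described in the message above, as an added example that is not part of the original post: the cookie carries only a random session ID, everything else lives in a server-side store, and timeouts are enforced on both sides. The class name, timeout values and cookie name `sid` are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed value: seconds of inactivity allowed
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed value: maximum lifetime of a session


class SessionStore:
    """Server-side store: the client only ever holds the opaque ID."""

    def __init__(self, clock=time.time):
        self._sessions = {}   # session ID -> record kept on the server
        self._clock = clock   # injectable so expiry can be exercised in tests

    def create(self, user):
        # 32 bytes from the OS CSPRNG: the ID encodes no data and cannot be guessed.
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "seen": now, "data": {}}
        return sid

    def get(self, sid):
        """Return the session record, or None if the ID is unknown or timed out."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        if now - rec["seen"] > IDLE_TIMEOUT or now - rec["created"] > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]   # server-side timeout, whatever the client still holds
            return None
        rec["seen"] = now
        return rec

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie header value; Max-Age is the client-side timeout."""
    return f"sid={sid}; Max-Age={ABSOLUTE_TIMEOUT}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")                      # constructed sample user
    store.get(sid)["data"]["basket"] = ["widget"]    # shopping list stays on the server
    print(session_cookie(sid))
```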