php sessions and memcache
Perrin Harkins
perrin at elem.com
Tue Jul 18 14:46:09 UTC 2006
On Tue, 2006-07-18 at 10:08 -0300, Mauro Nicolas Infantino wrote:
> That way, the client would have sensible information. Depending
> on the application, it could be very insecure. If you use standard server
> sessions, the client only gets an id.
If you don't want them to read it, you can do lightweight encryption.
Chances are, it's just a bunch of database IDs anyway, so it doesn't
matter if they read it. In that case, you just use a SHA1 MAC to check
that they haven't tampered with it.
- Perrin
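
The approach described in this message, as an added example that is not part of the original post: session data kept in the client's cookie, with a MAC so the server can detect tampering. It uses HMAC-SHA256 rather than the SHA1 the message mentions and adds an expiry field; SESSION_KEY, seal_session, open_session and the b64url helpers are hypothetical names, and the key and session values are constructed.

```php
<?php
// Added example (not from the original post). All names and values are hypothetical.
const SESSION_KEY = 'constructed-demo-key-load-from-server-config';

function b64url_encode(string $bin): string {
    return strtr(base64_encode($bin), '+/', '-_');
}

function b64url_decode(string $txt) {
    return base64_decode(strtr($txt, '-_', '+/'), true);
}

// Serialize the session with an expiry, then MAC the encoded payload.
function seal_session(array $data, int $ttl, string $key): string {
    $payload = b64url_encode(json_encode(['exp' => time() + $ttl, 'data' => $data]));
    $mac = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    return $payload . '.' . $mac;
}

// Return the session array, or null if the cookie was altered or has expired.
function open_session(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url_encode(hash_hmac('sha256', $payload, $key, true));
    // Check the MAC before decoding anything; hash_equals compares in constant time.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $decoded = b64url_decode($payload);
    $body = $decoded === false ? null : json_decode($decoded, true);
    if (!is_array($body) || !isset($body['exp'], $body['data']) || $body['exp'] < time()) {
        return null;
    }
    return $body['data'];
}

// Constructed sample session: just database IDs, as in the message above.
$cookie = seal_session(['user_id' => 4711, 'cart_id' => 982], 3600, SESSION_KEY);
var_dump(open_session($cookie, SESSION_KEY) !== null); // check: untouched cookie opens

// The client edits the payload but cannot recompute the MAC without the key.
[$p, $m] = explode('.', $cookie);
$forged = b64url_encode(str_replace('"user_id":4711', '"user_id":1', b64url_decode($p))) . '.' . $m;
var_dump(open_session($forged, SESSION_KEY) === null); // check: edited cookie is refused
```

The MAC only detects modification: the payload remains readable by the client, and a captured cookie can be replayed until its expiry passes.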