php sessions and memcache

Perrin Harkins perrin at
Tue Jul 18 14:46:09 UTC 2006

On Tue, 2006-07-18 at 10:08 -0300, Mauro Nicolas Infantino wrote:
> That way, the client would have sensible information. Depending
> on the application, it could be very insecure. If you use standard server 
> sessions, the client only gets an id.

If you don't want them to read it, you can do lightweight encryption.
Chances are, it's just a bunch of database IDs anyway, so it doesn't
matter if they read it.  In that case, you just use a SHA1 MAC to check
that they haven't tampered with it.

- Perrin

More information about the memcached mailing list