TalkPHP - View Single Post

Wildhoney · 02-19-2008, 09:50 PM

Session IDs are secure. You just have to look at possible session ID downfalls in terms of security. Obviously for the session ID that determines whether or not they have access to their account, that has to be a long and complex session ID that is unlikely to be guessed. Whereas for a shopping cart, I wouldn't even say that has to be that long and complex -- after all, if I somehow guess your session ID, what will I get? Your shopping list, and nothing more. I won't even know who you are and so I can't be your wife checking up on how many other women you bought presents for!

02-19-2008, 09:50 PM	#5 (permalink)
Wildhoney La Vida es Sueño Join Date: Sep 2007 Location: Oldham Posts: 2,280 Thanks: 90	Session IDs are secure. You just have to look at possible session ID downfalls in terms of security. Obviously for the session ID that determines whether or not they have access to their account, that has to be a long and complex session ID that is unlikely to be guessed. Whereas for a shopping cart, I wouldn't even say that has to be that long and complex -- after all, if I somehow guess your session ID, what will I get? Your shopping list, and nothing more. I won't even know who you are and so I can't be your wife checking up on how many other women you bought presents for! __________________ The man who comes back through the Door in the Wall will never be quite the same as the man who went out.