TalkPHP - View Single Post

sketchMedia · 08-21-2008, 10:26 AM

Setting session variables then setting cookies with the data from the sessions breaks the whole concept of sessions and as people have said, potentially causes a security issue.

For a load balanced server setup you may be interested in using the DB to store session information with:
session_set_save_handler

That way the sessions are no longer stored on the server but in the DB (which should be central and available to all boxes) therefore they exist to all servers on the load balancer (in theory)

08-21-2008, 10:26 AM	#7 (permalink)
sketchMedia The Prestige Join Date: Oct 2007 Location: Manchester, UK Posts: 854 Thanks: 32	Setting session variables then setting cookies with the data from the sessions breaks the whole concept of sessions and as people have said, potentially causes a security issue. For a load balanced server setup you may be interested in using the DB to store session information with: session_set_save_handler That way the sessions are no longer stored on the server but in the DB (which should be central and available to all boxes) therefore they exist to all servers on the load balancer (in theory) __________________ mysql> SELECT * FROM `users` WHERE `users`.`clue` > 0; Empty set (0.00 sec) Last edited by sketchMedia : 08-21-2008 at 12:16 PM.