Re: [Phplib-users] new Session4 changes
From: Giancarlo <gia...@na...> - 2002-12-02 19:11:58
> What I said is that, upon certain not so uncommon prerequisites, it can
> be difficult to have a twin mode-fallback_mode that fits all cases, from
> the bot to the cookie_only authed user...

use_cookie_only is better for security and authentication; the problem is that it's an all-or-nothing choice that has to be enforced either everywhere or nowhere. So people decide not to use it. If it were possible to enforce it only in certain cases, it would be better.

Think of the default_auth case. You cannot specify different session classes for that page, because the same page has to cater for both authed and unauthed users. So how do you impose use_cookie_only only on those who are authed? No way: it's a policy to be adopted either everywhere, or given up. And people give it up.

It is similar for the session save_handler type. You cannot, at a certain point (e.g. once authenticated), migrate the anonymous 'file' storage to the more secure db.

Gian
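One way to get the per-state policy Gian is asking for (cookie-only session ids enforced for authenticated users, URL-carried ids still tolerated for anonymous visitors) is to apply it on top of PHP's native session functions rather than inside a session class. This is an added example and is not code from the post or from PHPLib; it assumes PHP 7.1+ (for session_create_id()), session.use_only_cookies=0 as in the fallback mode discussed above, and an `authed` flag that the login code sets in $_SESSION.

```php
<?php
// Added example, not PHPLib code. Start the session, then refuse to treat
// it as authenticated unless its id arrived in the session cookie.
function start_session_with_authed_cookie_policy(): void
{
    $name = session_name();
    $idFromCookie = isset($_COOKIE[$name]);

    session_start();

    $authed = !empty($_SESSION['authed']);
    if ($authed && !$idFromCookie) {
        // An authenticated session id presented only via URL or POST body:
        // release it without modifying or destroying the stored session
        // (the real owner keeps their session), then continue this request
        // as a fresh anonymous session so the page still works.
        session_abort();
        session_id(session_create_id());
        session_start();
    }
}

// Call after credentials have been verified. Regenerating the id means the
// pre-login id (which may have travelled in a URL) is never the id of an
// authenticated session, and the new id is issued only in the cookie.
function mark_authenticated(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['authed'] = true;
    $_SESSION['user_id'] = $userId;
}

// Usage on a page that serves both anonymous and authenticated visitors
// (the default_auth case from the post): the same code path works for
// both, and only the authenticated state is bound to the cookie.
start_session_with_authed_cookie_policy();
$userId = $_SESSION['user_id'] ?? null; // null for anonymous visitors
```

The second Set-Cookie sent by the fresh session_start() replaces the one the first start sent for the rejected id, so the visitor ends up holding only the anonymous id.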