From: Oskar <os...@2n...> - 2001-03-15 19:07:42
No, if I'm getting it right, sessions in PHP are made the same way as sessions in all other tools; that means only a unique session ID is sent between pages. Variables registered into the session are serialized and stored, but they are stored on the server side. When you access a page and call session_start(), the session ID is checked (taken either from a cookie or from URL rewriting), then the local store is searched for the proper file (or database entry) and all variables are recreated from that store. None of the registered variables is sent through HTTP.

Oskar

On Tue 13. March 2001 18:58, you wrote:
> I'm looking in ./prometheus/db/User_Db/User.object and I wonder about the
> fact that the user object has a member variable of 'password'.
>
> I am very new to PHP, so I hope someone can explain this to me gently:
>
> If in PHP4 I were to session_start() and session_register() a user object,
> would the user object be serialized and passed via POST to the next page in
> the clear?
> If so, could a Prometheus user compromise his website by registering a user
> object?
>
> I don't really understand sessions in PHP4 that well.
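
The mechanism described in the reply above, as an added example that is not part of the original thread or of Prometheus: a PHP CLI script that stores an object in a session and compares what the client would carry with what the server keeps. It assumes the default `files` save handler and uses `$_SESSION`, which replaced `session_register()` in later PHP versions; the `User` class and its values are constructed stand-ins, not Prometheus's `User.object`.

```php
<?php
// Added example (not from the thread). Run from the CLI: php session_demo.php
// The User class and its values are constructed for illustration.
class User
{
    public $name;
    public $password;

    public function __construct($name, $password)
    {
        $this->name = $name;
        $this->password = $password;
    }
}

// The CLI has no HTTP response, so turn off cookie and cache headers.
ini_set('session.use_cookies', '0');
ini_set('session.cache_limiter', '');
ini_set('session.save_handler', 'files');

// Private per-run store (mode 0700) so no real session data is touched.
$store = sys_get_temp_dir() . '/' . uniqid('sess_demo_');
mkdir($store, 0700);
session_save_path($store);

// "Page 1": put the object into the session.
session_start();
$_SESSION['user'] = new User('alice', 'constructed-secret');
$id = session_id();
session_write_close();
$_SESSION = [];                      // forget the in-memory copy

// All a browser carries to the next page: session name and ID.
$clientSide = session_name() . '=' . $id;
// What stays on the server: the serialized object, password included.
$serverSide = file_get_contents($store . '/sess_' . $id);

// "Page 2": the same ID recreates the object from the store.
session_id($id);
session_start();
$restored = $_SESSION['user']->name;
session_destroy();
rmdir($store);

echo "client carries : $clientSide\n";
echo "server stores  : $serverSide\n";
echo "restored user  : $restored\n";
echo "password in client data: ", var_export(strpos($clientSide, 'constructed-secret') !== false, true), "\n";
echo "password in server file: ", var_export(strpos($serverSide, 'constructed-secret') !== false, true), "\n";
```

The password never leaves the server, but it does sit in cleartext in the session file, so who can read the session save path matters, particularly on shared hosting.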