NotGiven wrote:
I am using SSL to go from one page to the next. Do I still need to
excrypt
session IDs? Thanks.
srg at charlottenet dot com
You don't need to encrypt session ID's... Someone said this on here like an
hour ago. They are random gibberish, generated who knows how, or who cares
how. Session data is stored server-side, so you don't have to worry about
that either.
If you are using SSL, everything is encrypted so that no one can intercept
it. Session ID's included. (as they are cookie header information) This
is transparent to PHP, if you are using SSL and request a field name, it's
data will appear un-encrypted for you to use how you please, even though it
travelled along the internet encrypted. (From what I understand)
-Eric Kincl