By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,264 Members | 1,237 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,264 IT Pros & Developers. It's quick & easy.

do I need to encrypt session var is using SSL?

P: n/a
I am using SSL to go from one page to the next. Do I still need to excrypt
session IDs? Thanks.

srg at charlottenet dot com
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
NotGiven wrote:
I am using SSL to go from one page to the next. Do I still need to
excrypt
session IDs? Thanks.

srg at charlottenet dot com


You don't need to encrypt session ID's... Someone said this on here like an
hour ago. They are random gibberish, generated who knows how, or who cares
how. Session data is stored server-side, so you don't have to worry about
that either.

If you are using SSL, everything is encrypted so that no one can intercept
it. Session ID's included. (as they are cookie header information) This
is transparent to PHP, if you are using SSL and request a field name, it's
data will appear un-encrypted for you to use how you please, even though it
travelled along the internet encrypted. (From what I understand)
-Eric Kincl
Jul 17 '05 #2

P: n/a
thanks

"Eric Kincl" <Er**@Kincl.net_NO_SPAM_> wrote in message
news:3f******@news.gvsu.edu...
NotGiven wrote:
I am using SSL to go from one page to the next. Do I still need to
excrypt
session IDs? Thanks.

srg at charlottenet dot com
You don't need to encrypt session ID's... Someone said this on here like

an hour ago. They are random gibberish, generated who knows how, or who cares how. Session data is stored server-side, so you don't have to worry about
that either.

If you are using SSL, everything is encrypted so that no one can intercept
it. Session ID's included. (as they are cookie header information) This
is transparent to PHP, if you are using SSL and request a field name, it's
data will appear un-encrypted for you to use how you please, even though it travelled along the internet encrypted. (From what I understand)
-Eric Kincl

Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.