[wp-hackers] sessions vs. cookies
John Joseph Bachir
jjb at ibiblio.org
Mon Apr 17 16:52:29 GMT 2006
(starting a new thread to keep things tidy)
>> (as an aside, why is authentication done directly with cookies instead
>> of with sessions?)
> Protecting session ids is a chore, they're sent back and forth on each
> request, and anybody who manages to steal one now has full access as a
> user. The only way sessions can be more secure than cookies is if it's
> all done over SSL, something that is not an option for the everyday blog
Isn't it currently the case that the double-hashed password is sent on
every request, and anyone who manages to steal it has full access as a
user?
John
----
aim/yim/msn/jabber.org: johnjosephbachir
713.494.2704
irc://irc.freenode.net/lyceum
http://lyceum.ibiblio.org/
http://blog.johnjosephbachir.org/