I'm unsure on which is the best way to go, either sessions or cookies.
I want to create a section where users can log in and upload things amongst other things to one of my sites. I can do a basic log in of my own but need to make it secure so anyone who may visit the computer after can't get to see any passwords or anythgin that a previous user may have entered.
Is the best way to go session or cookies. From what I've looked at I'm thinking sessions but thought before I start on it I'd ask here
I'm wondering the same thing at the moment, mirgrating an ASP site to ASP.NET.
I've just about decided on cookies but not adding any persistance to them so they should be destryoed when the browser is shut, ie logged out.
The reason i'm not using sessions is that when a few hundred are logged on and they all have a session it reduces the amount of server memory available for the site itself.
use cookies, have a logout button. but make sure any pages that allow the user to change details, change or view the password and email etc require you to enter the password again.
so if someone using a shared PC leaves it logged in and then someone else comes on they will have access to their account but cant do anything without the password.
__________________ Dan Morley Alpharooms.com
daniel at alpharooms dot com - Hotels, Flights, Airport Transfers, Care Hire + More! sign up My Blog | Cheap Holidays
Linear Mode
