do I need to encrypt session var if using SSL?

  • NotGiven

    do I need to encrypt session var if using SSL?

    I am using SSL to go from one page to the next. Do I still need to encrypt
    session IDs? Thanks.

    srg at charlottenet dot com


  • Eric Kincl

    #2
    Re: do I need to encrypt session var if using SSL?

    NotGiven wrote:

    > I am using SSL to go from one page to the next. Do I still need to
    > encrypt session IDs? Thanks.
    >
    > srg at charlottenet dot com

    You don't need to encrypt session IDs... Someone said this on here like an
    hour ago. They are random gibberish, generated who knows how, or who cares
    how. Session data is stored server-side, so you don't have to worry about
    that either.

    If you are using SSL, everything is encrypted so that no one can intercept
    it. Session IDs included (as they are cookie header information). This
    is transparent to PHP: if you are using SSL and request a field name, its
    data will appear un-encrypted for you to use how you please, even though it
    travelled along the internet encrypted. (From what I understand)


    -Eric Kincl
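
The setup discussed in the reply above, sketched in PHP as an added example that is not part of the original thread. SSL protects the session ID only while the cookie stays on HTTPS, so the cookie is marked Secure and no session is started on a plain-HTTP request. The helper names are hypothetical, and PHP 7.3+ on an HTTPS-only site is assumed.

```php
<?php
// Added example, not from the thread. Assumes PHP 7.3+ (array form of
// session_set_cookie_params) and a site served entirely over HTTPS.

// Hypothetical helper: true when the current request arrived over SSL/TLS.
function request_is_https(): bool
{
    return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
}

// Hypothetical helper: start a session whose ID only ever travels encrypted.
function start_ssl_only_session(): void
{
    if (!request_is_https()) {
        // Never create or resume a session on a plain-HTTP request, where
        // the cookie header would cross the network unencrypted.
        http_response_code(403);
        exit("This page requires HTTPS.\n");
    }

    ini_set('session.use_only_cookies', '1'); // never take the ID from the URL
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // browser sends the cookie only over SSL/TLS
        'httponly' => true,   // cookie is not readable from page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

start_ssl_only_session();

// The session ID stays the opaque random token PHP generated; the
// application does not encrypt it. Session data stays server-side.
if (empty($_SESSION['started_at'])) {
    session_regenerate_id(true);      // fresh ID at the start of the session
    $_SESSION['started_at'] = time();
}

echo 'Session cookie name: ', session_name(), "\n";
```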


    • NotGiven

      #3
      Re: do I need to encrypt session var if using SSL?

      thanks

      "Eric Kincl" <Eric@Kincl.net _NO_SPAM_> wrote in message
      news:3fbc1252@n ews.gvsu.edu...
      > NotGiven wrote:
      >
      > > I am using SSL to go from one page to the next. Do I still need to
      > > encrypt session IDs? Thanks.
      > >
      > > srg at charlottenet dot com
      >
      > You don't need to encrypt session IDs... Someone said this on here like
      > an hour ago. They are random gibberish, generated who knows how, or who
      > cares how. Session data is stored server-side, so you don't have to
      > worry about that either.
      >
      > If you are using SSL, everything is encrypted so that no one can intercept
      > it. Session IDs included (as they are cookie header information). This
      > is transparent to PHP: if you are using SSL and request a field name, its
      > data will appear un-encrypted for you to use how you please, even though
      > it travelled along the internet encrypted. (From what I understand)
      >
      >
      > -Eric Kincl

