PHP
alestro, 2016-05-30 11:40:37

Does it make sense to encrypt the session?

There is a session handler that, before writing the session to a file, first encrypts it, and only then writes the string to the file.
And before reading this session, the string is decrypted and given to the user. So, is such a feature needed or is it just a waste of resources and it would be more expedient to encrypt the session cookie that stores the session id?
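
The handler described in the question, as an added example that is not part of the original post or of any answer: it extends PHP's built-in `SessionHandler` and uses libsodium's secretbox, so the session file holds only authenticated ciphertext. The class name `EncryptedSessionHandler` and the `SESSION_KEY_B64` environment variable are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical class name): encrypt on write, decrypt on read,
// delegating the actual file storage to PHP's default handler.
final class EncryptedSessionHandler extends SessionHandler
{
    private const NONCE = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    private const MAC   = SODIUM_CRYPTO_SECRETBOX_MACBYTES;

    public function __construct(private string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('session key must be 32 bytes');
        }
    }

    public function read(string $id): string|false
    {
        $stored = parent::read($id);
        if ($stored === false || $stored === '') {
            return '';                       // new or empty session
        }
        $raw = base64_decode($stored, true);
        if ($raw === false || strlen($raw) < self::NONCE + self::MAC) {
            return '';                       // not something this handler wrote
        }
        $nonce = substr($raw, 0, self::NONCE);
        $plain = sodium_crypto_secretbox_open(substr($raw, self::NONCE), $nonce, $this->key);
        // A failed MAC check (tampered file or wrong key) yields an empty session.
        return $plain === false ? '' : $plain;
    }

    public function write(string $id, string $data): bool
    {
        // Fresh random nonce per write, stored in front of the ciphertext.
        $nonce = random_bytes(self::NONCE);
        $box   = sodium_crypto_secretbox($data, $nonce, $this->key);
        return parent::write($id, base64_encode($nonce . $box));
    }
}

// Assumption: the key is supplied via an environment variable (hypothetical
// name), base64-encoded, and is not stored alongside the session files.
$key = (string) base64_decode((string) getenv('SESSION_KEY_B64'), true);
session_set_save_handler(new EncryptedSessionHandler($key), true);
session_start();
```

The encryption only helps against someone who can read the session files but cannot read the key, so the key has to live somewhere the session save path's readers cannot reach.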

7 answer(s)
Alexander Aksentiev, 2016-05-30
@Sanasol

Why encrypt any of this at all?
If there are holes in the site through which session files can be obtained, then whether you encrypt or not makes little difference.

Nazar Mokrinsky, 2016-05-30
@nazarpc

In general, none of the above needs to be encrypted, it is an absolutely useless waste of resources.

LeEnot, 2015-09-03
@LeEnot

Store the user's password hash in your database and on your device. Read about hashing, key salt, KDF
It is not safe to store the username and password on the device - anyone who has access to the device, if desired, can extract them from there and gain access to user data in your service.
UPDATE: actually you need to store the user's password hash hash

sitev_ru, 2015-09-03
@sitev_ru

I don't know the "correct option"... I'll tell you how I did it...
A socket server runs on the server, and a socket client runs on the client. I connect and transfer the login and password ...
The login and password are entered by the client on the phone once and stored on it for subsequent authorizations ...

Andrey, 2015-09-03
@kozinakoff

You can get AndroidId: Settings.Secure.getString(context.getContentResolver(), Settings.Secure.ANDROID_ID);
There is a caveat though:
I.e., if the user does a hard reset, this value may change.

Konstantin Berkov, 2015-09-03
@konstantin_berkow

Google Analytics has its own tricky client id, which is most likely associated with the user's account in the market.

Rustem Saitkulov, 2015-09-03
@atetc

You need an Android UUID. There are auxiliary classes that will let you generate one yourself based on the device's MAC, IMEI and SN (but you have to think the implementation through yourself, because, for example, tablets do not always have an IMEI). In general, dig / look in the direction of UUID.
