Page 1 of 1

session encryption/security

Posted: Mon Jun 18, 2007 6:34 am
by aceconcepts
Hi,

I am very cautious when it comes to using session.

Without having to consider SSL certificates, is there a way to encrypt/secure sessions?

I will be passing session ids throughout one site. I just want to make sure no "outsider" can read/capture the session id.

Thanks

Posted: Mon Jun 18, 2007 10:08 am
by Benjamin
Anything sent unencrypted over the wire can potentially be read. You could improve security by changing the ID on every page request.