need experts advice

edal11

I was reading the following article at http://www.devarticles.com/art/1/171/2
and I thought I should try it.

So I made a php class which:
Sets a cookie when an user logs in.
Creates a database entry in a Mysql Sessions table for the user
* Registers the session with php session register

This would be quite secure (I think...) , but......

Is it really necessary to register the session in a database?
Are cookies and php session handling functions alone secure enough?
How secure should I try to make my scripts?
I'm not sure if I should use this kind of session handling because it could slow down the site....

Thanks in advance

svnfightsvn

I have no idea why you would need to store an entry in the table....maybe to track how many times someone logged in....

There are different security issues to consider with something like this, but you mainly want to prevent interception - something done by encrypting the contents of the frames (SSL or something) and you want to prevent someone using someone else's session. Since you are using sessions and cookie's, that is about as secure as you can make it because only one browser can access that particular session at a time.

edal11

so, sessions can't be stolen ??

svnfightsvn

It is possible - but only for VERY experienced hackers

edal11

thanks