security question

qrt123

Hi all

I just wondered.
There has been a lot of questions about sessions vs, cookies.
So my question is in general, how much does it take to penetrate a simple loginsystem using session/cookies, mysqlbackend to keep users and their passswords, (md5 encrypted), and the admin-pages checkes if the sessions is set.

Do You understand my question.

Is it secure enought to keep most people out, would it take serious effort to break or is too easy.

And if the webhotel has a reasonable high security standard, how is the situation then.

And finally

what's the security difference between session-unset() and session-destroy()

sincerely
kurt 😉

spin0us

For my part i thing the two diffrent way take approximativly the same time to setup. But cookie are less secure than session