If someone was making a TOR hidden service using PHP, Apache, and MySQL, would sessions have to be done differently?
Considering that many different users could be coming from the same IP address (using the same exit node), how does that change things?
Should I rely on setting client-side cookies that expire after a certain time period once logged in? Should I be checking cookies to see if they are logged in instead of $_SESSION?
I have searched high & low on here and Google and can't seem to find anyone else asking this question.
I have read the TOR documents on configuring a hidden service, how TOR works, etc.