2013-09-28 18:34
浏览 98


If someone was making a TOR hidden service using PHP, Apache, and MySQL, would sessions have to be done differently?

Considering that many different users could be coming from the same IP address (using the same exit node), how does that change things?

Should I rely on setting client-side cookies that expire after a certain time period once logged in? Should I be checking cookies to see if they are logged in instead of $_SESSION?

I have searched high & low on here and Google and can't seem to find anyone else asking this question.

I have read the TOR documents on configuring a hidden service, how TOR works, etc.

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • douce1368 2013-09-28 18:40

    The default PHP sessions work perfectly well with TOR. There is no need to change anything.

    All other questions are not related to TOR, but are subject to the usual considerations when using sessions. Do you want a login to expire after a certain inactive time? If yes, you have to implement that yourself.

    点赞 评论

相关推荐 更多相似问题