Saturday, January 27, 2007

Using memcached as a session store

I don't know about Flup. Remember that you have limitations on the
amount of data that you can put into a cookie. Furthermore, you have
to be careful because the user can hack his own cookies. Hence, if
you're going to put anything more than a session ID, you should
encrypt and sign the cookie. If you have lots of session data, you
should instead put your session data on a separate server that all the
Web servers can access. memcached is often used for this task. - Shannon Behrens

No comments: