On 9/23/10 2:24 PM, Ryan Lane wrote:
The contents of that session on the server are unencrypted, correct? Depending on what the secret is, he may or may not want to use it. For instance, that is probably a terrible place to put credit card numbers temporarily.
Good point, but in this case I'm just storing the path to a temporary file.
The file isn't even sensitive data; it's just a user-uploaded media file for which the user has not yet selected a license, although we anticipate they will in a few minutes.