I am building a website for fun, I have a question and don’t know

Question

0

Asked: May 25, 20262026-05-25T00:11:17+00:00 2026-05-25T00:11:17+00:00

I am building a website for fun, I have a question and don’t know

0

I am building a website for fun, I have a question and don’t know where to look for the answer.

On a successful login, I am setting a session with the user’s email and then using that to pull the necessary data from mysql. Is there any downsides to doing it like this? Or would it be better appending the user’s email to the url?

How safe is it to store the user’s email in a session? I thought about hashing the session, but that would also mean hashing it when they signup/ login etc, so even if the session file could be viewed it would take some serious hacking to get the email?

And how common is it for people to hash, both password and email? Is it really needed??

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T00:11:17+00:00

Editorial Team

2026-05-25T00:11:17+00:00Added an answer on May 25, 2026 at 12:11 am

It is a bad idea to add any personal information to an URL for authorisation purposes. I would go with the hashing of the user’s credentials, with a pseudorandom salt.

You should really salted-hash at last the password the very second you get it the first time – and never use the clear-text pw ever again.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I am building a website for fun, I have a question and don’t know

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply