Is it inadvisable to store a hashed password in a user object in (server-side) session? It goes without saying that a salted and hashed password needs to be retrieved at some point to compare the hash to authenticate a given user, but once the comparison has taken place is there a quantifiable security risk associated with keeping it in the user object?
Is it inadvisable to store a hashed password in session?
- Thread starter wzsffjvd
- Start date