Question

If someone was making a TOR hidden service using PHP, Apache, and MySQL, would sessions have to be done differently?

Considering that many different users could be coming from the same IP address (using the same exit node), how does that change things?

Should I rely on setting client-side cookies that expire after a certain time period once logged in? Should I be checking cookies to see if they are logged in instead of $_SESSION?

I have searched high & low on here and Google and can't seem to find anyone else asking this question.

I have read the TOR documents on configuring a hidden service, how TOR works, etc.

Solution

The default PHP sessions work perfectly well with TOR. There is no need to change anything.

All other questions are not related to TOR, but are subject to the usual considerations when using sessions. Do you want a login to expire after a certain inactive time? If yes, you have to implement that yourself.
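The inactivity expiry that the answer says you have to implement yourself, as an added example that is not part of the original answer. The 15-minute limit and the `user_id` / `last_seen` session keys are assumptions; the session is identified by its cookie only, with no client-IP check, because a hidden service's web server sees every connection arriving from the local Tor daemon.

```php
<?php
// Added example: idle-timeout logins on top of PHP's default session handling.
// IDLE_LIMIT and the 'user_id' / 'last_seen' keys are assumptions for illustration.

const IDLE_LIMIT = 900; // seconds of inactivity before a login expires (assumed value)

// Pure check: is the login stored in $session still valid at time $now?
function login_is_active(array $session, int $now, int $idleLimit = IDLE_LIMIT): bool
{
    if (!isset($session['user_id'], $session['last_seen'])) {
        return false; // nobody is logged in on this session
    }
    return ($now - (int) $session['last_seen']) <= $idleLimit;
}

// Start the session with cookie-only, strict-mode settings.
// Deliberately no REMOTE_ADDR binding: the address is the same for every visitor.
function start_hardened_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_start([
        'use_strict_mode'  => 1,        // reject session IDs the server did not issue
        'use_only_cookies' => 1,        // never accept the ID from the URL
        'cookie_httponly'  => 1,        // keep the cookie away from page scripts
        'cookie_samesite'  => 'Strict', // requires PHP 7.3 or later
    ]);
}

// Call after the password check succeeds.
function log_in(int $userId): void
{
    start_hardened_session();
    session_regenerate_id(true);        // new ID at privilege change (anti-fixation)
    $_SESSION['user_id']   = $userId;
    $_SESSION['last_seen'] = time();
}

// Call at the top of every protected page; returns false once the login has idled out.
function require_login(): bool
{
    start_hardened_session();
    $now = time();
    if (!login_is_active($_SESSION, $now)) {
        $_SESSION = [];
        session_destroy();              // discard server-side data for the stale login
        return false;
    }
    $_SESSION['last_seen'] = $now;      // sliding window: activity extends the login
    return true;
}
```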

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow