Creating custom PHP Session handler?

Question

Right now I\'m stuck between using PHP\'s native session management, or creating my own (MySQL-based) session system, and I have a few questions regarding both.

Answer 1

They are both great methods, there are some downsides to using MySQL which would be traffic levels in some cases could actually crash a server if done incorrectly or the load is just too high!

I recommend personally given that standard sessions are already handled properly to just use them and encrypted the data you do not want the hackers to see.

cookies are not safe to use without proper precaution. Unless you need "Remember me" then stick with sessions! :)

EDIT

Do not use MD5, it's poor encryption and decryptable... I recommend salting the data and encrypting it all together.

$salt = 'dsasda90742308408324708324832';
$password = sha1(sha1(md5('username').md5($salt));

This encryption will not be decrypted anytime soon, I would considered it impossible as of now.