16May
Securely store password for API sessions
Scenario:
I have a PHP web application that needs to make an API call using a password provided by the user. I want to temporarily store this password so I can use it across multiple requests without having to re-ask the user for the password on every request.
The user will be forced to connect using SSL. The httpd server is configured for standard file logging of requests. PHP session data is stored on the server in files.
Ideally I don't want to store the plain text password in the session file or send the plain text password with every request using a cookie.
