I have a small site that is not too data intensive, but requires the user to log in to access pages that handle data and pages that interact with the database.
To enhance the site security I am hoping that I do not need to use cookies, and can instead handle all of the data states (between pages and to/from the database) on the server side, utilizing $_SESSION and session arrays.
Whilst this means the user has to physically log in each time they visit the site (rather than the site recognising them via a cookie), will this approach help make the site more secure, or am I just making more work for myself and/or my visitors?
Of course I will be making sure unused data arrays are destroyed once used. I will be making sure I regenerate the session for each login.
Many thanks.
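
The login flow described in the question, as an added example that is not part of the original post: PHP's default session handling identifies the browser through a session ID cookie, so the sketch keeps that cookie session-only and hardened, regenerates the ID at login, and removes session data once it has been used. It assumes PHP 7.3 or later; `start_secure_session()`, `handle_login()`, `consume()`, `handle_logout()` and the `$check_credentials` callback are hypothetical names.

```php
<?php
// Added example: all function names and session keys here are hypothetical.

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'lifetime' => 0,       // dropped when the browser closes: login on every visit
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function handle_login(string $user, string $password, callable $check_credentials): bool
{
    if (!$check_credentials($user, $password)) {
        return false;
    }
    // New ID at the privilege change; true deletes the old session's data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    $_SESSION['logged_in_at'] = time();
    return true;
}

// Read a one-off value (for example, data carried between two pages) and
// remove it from the session in the same step.
function consume(string $key)
{
    $value = $_SESSION[$key] ?? null;
    unset($_SESSION[$key]);
    return $value;
}

function handle_logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the session cookie in the browser as well as on the server.
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'domain' => $p['domain'], 'secure' => $p['secure'], 'httponly' => $p['httponly']]);
    session_destroy();
}
```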