Possible Duplicate:
What is the best way to encrypt a text file in C/C++?

It may sound weird but there is a C++ web application (CGI). Every new request creates a new process. So in order to maintain a session, a text file will be created on the server which will contain info like sessionid, username, password, timestamp etc. This text file will be created for the first request and then referred to for subsequent requests to keep the session alive. The text file will be deleted when the user logs off.

To accomplish security the text file should be encrypted. Also the contents of the text file should be encrypted.

What could be the best possible encryption algorithm for this scenario? My search tells me AES. But I also wanted to ask this question to see if the approach used for session management is correct or not.

A: 

Encrypting the session will accomplish nothing, because the server has the key already. Encryption is only meaningful when the message and key are separate.

Also, don't store a password in the session. You need only store the username - if the user has created a session and logged in, it's sufficient to note that fact, and then discard the password after checking it only once.

bdonlan
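
An added example, not part of the original question or answer: a per-session file for a CGI process that stores only the username and a timestamp, as the answer recommends. The function names, the 30-minute timeout, the 0600 file mode and the POSIX calls are assumptions made for illustration.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <ctime>
#include <fstream>
#include <string>

static const long kMaxAgeSeconds = 1800;  // assumed timeout, not from the page

// 128-bit session id from the kernel CSPRNG, hex-encoded ("" on failure).
std::string new_session_id() {
    unsigned char raw[16];
    std::ifstream rng("/dev/urandom", std::ios::binary);
    if (!rng.read(reinterpret_cast<char*>(raw), sizeof raw)) return "";
    static const char hex[] = "0123456789abcdef";
    std::string id;
    for (unsigned char b : raw) { id += hex[b >> 4]; id += hex[b & 15]; }
    return id;
}

// The id arrives from the client: accept only 32 hex chars before using it as a file name.
bool valid_session_id(const std::string& id) {
    if (id.size() != 32) return false;
    for (char c : id)
        if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f'))) return false;
    return true;
}

// Run once, after the password check succeeded; the password itself is never written.
bool create_session(const std::string& dir, const std::string& id,
                    const std::string& user, std::time_t now) {
    if (!valid_session_id(id) || user.find('\n') != std::string::npos) return false;
    int fd = open((dir + "/" + id).c_str(), O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return false;
    std::string rec = user + "\n" + std::to_string(static_cast<long long>(now)) + "\n";
    bool ok = write(fd, rec.data(), rec.size()) == static_cast<ssize_t>(rec.size());
    close(fd);
    return ok;
}

// Run on every later request: returns the username, or "" if unknown or expired.
std::string lookup_session(const std::string& dir, const std::string& id, std::time_t now) {
    if (!valid_session_id(id)) return "";
    std::ifstream in(dir + "/" + id);
    std::string user; long long created = 0;
    if (!std::getline(in, user) || !(in >> created)) return "";
    if (now - created > kMaxAgeSeconds) { unlink((dir + "/" + id).c_str()); return ""; }
    return user;
}
```

The session directory should sit outside the web root and be owned by the account the CGI runs as.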