I'm trying to temporarily store nonce/timestamp info to prevent man-in-the-middle attacks when performing OAuth authentication. Is there any advantage to storing this info in a database over using $_SESSION? My feeling is that $_SESSION would be faster. However, I'm not sure if there's a security issue that I'm missing.