I've built a PHP application that utilizes cURL to programmatically access one of my financial institutions and gather transaction data... quite similar to how mint.com works (even with the ability to track and answer secondary verification / security questions).
Now obviously cURL stores the session into a local cookie on the server; that's how the session is kept going programmatically across the various pages (login => verification => transaction data).
My question is, how should or could this be handled on a larger scale? I.e. several hundred users wanting to use the system. I'm assuming the best method is to keep each programmatic attempt in a unique cookie (behind a firewall / secure server, so sessions would be protected). Or is there another way to store the session.... I'd really like to know how mint.com set it up.
I was able to solve this solution by: