I had thought about this idea to storage the session information in a database. However, what's happening if a user just closes the browser without logout from the application or if the browser crashes. The session will be in the database and the user is gone. How to track this?
Thanks. Andre -- Andre Matos [EMAIL PROTECTED] -----Original Message----- From: Bastien Koert [mailto:[EMAIL PROTECTED] Sent: Friday, October 22, 2004 1:22 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP-DB] How to send a SID in a security way What about writing a function that will store some of those required variables into a db. Then on the second site, open a link to the first db and query for those values that you need? bastien >From: "Andre Matos" <[EMAIL PROTECTED]> >To: "'Matt M.'" <[EMAIL PROTECTED]> >CC: <[EMAIL PROTECTED]> >Subject: RE: [PHP-DB] How to send a SID in a security way >Date: Fri, 22 Oct 2004 12:59:00 -0400 > >Hi Matt, > >I am trying to solve my problem to have one browser accessing two different >applications (each one in a different window) where each application has >its >own and unique sessionID. I really don't want to use cookie because I will >need that the user enable the option "accept cookies" in the browser. > >However, I am afraid to pass the sessionID on the URL because someone can >cat it. > >I am using currently using SSL. > >Can you see any solution for my problem? > >Thanks. > >-- >Andre Matos >[EMAIL PROTECTED] > >-----Original Message----- >From: Matt M. [mailto:[EMAIL PROTECTED] >Sent: Friday, October 22, 2004 12:35 PM >To: Andre Matos >Cc: [EMAIL PROTECTED] >Subject: Re: [PHP-DB] How to send a SID in a security way > > > How can I send a SID (SessionID) in a security way from one page to >another? > > Is it "security" to do this? > >not sure what exactly you want. You could just use cookies, dont >allow it to be in form fields or query strings. > >you could use ssl. > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > >-- >PHP Database Mailing List (http://www.php.net/) >To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
