I just want to figure out a way by which I can stop session theft. I thought
if I can get something from the user end that is unique for that user, e.g.
his/her IP. But it will not work when they are behind a firewall; they will be
assigned the same IP. Is there a way for me to get the IP (e.g. 202.202.202.202,
that's just an example) plus the computer IP (e.g. 192.168.0.1)? I once saw a Java
chat server do this. If we can do this then it will help us (SOMEWHAT).

You could store the HTTP_USER_AGENT in the session when it starts. Then compare the browser being used against this stored value on subsequent pages. HTTP_USER_AGENT won't always be unique and it's not foolproof but it is a little extra security with minimal effort.


Larry


-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
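
The check suggested in the reply above, sketched as an added example that is not part of the original thread. The helper names and the `ua_hash` session key are assumptions, and the sample requests are constructed; the functions take the session and server arrays as parameters so the logic can be run offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; 'ua_hash' is an assumed session key name.

/** Hash the User-Agent so the raw header is not kept in session storage. */
function ua_fingerprint(array $server): string
{
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

/**
 * Returns true when the request may continue using this session.
 * First request of a session: record the fingerprint.
 * Later requests: compare against the recorded value.
 */
function check_session_binding(array &$session, array $server): bool
{
    $current = ua_fingerprint($server);
    if (!isset($session['ua_hash'])) {
        $session['ua_hash'] = $current; // session start: store the value
        return true;
    }
    // hash_equals() compares the two strings in constant time.
    return hash_equals($session['ua_hash'], $current);
}

// In a real page this would be called right after session_start():
//   if (!check_session_binding($_SESSION, $_SERVER)) {
//       session_unset();
//       session_destroy();   // drop the session and require a new login
//   }

// Constructed sample requests (not real traffic).
$session = [];
$first = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0'];
$same  = $first;
$other = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows NT 10.0) OtherBrowser/2.0'];

var_dump(check_session_binding($session, $first)); // first request of the session
var_dump(check_session_binding($session, $same));  // same browser, later page
var_dump(check_session_binding($session, $other)); // same session ID, different browser
```

As the reply notes, the User-Agent is not unique per user, so a match does not prove the request comes from the same client; the check only rejects requests whose header differs from the one seen at session start.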


