On Sat, 23 Jan 2010 09:32:37 -0500, tedd.sperl...@gmail.com (tedd) wrote:

>At 1:13 PM +1100 1/23/10, clanc...@cybec.com.au wrote:
>>  but I would be grateful for any suggestions how I
>>could make this procedure more secure.
>We have given you advice that you should NOT use Cookies in any 
>fashion to secure your site, but you remain steadfast that you know 
>better -- so, what else can we say other than good luck.

BUT you have told me to use sessions, and sessions use a Cookie!

If the Cookie I use contains random data, the only difference in security is in 
the time
that it remains valid.  Neither contains any useful information, but while they 
are valid
both will enable you to bypass security.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to