On 9 August 2010 13:30, Juan Rodriguez Monti <j...@rodriguezmonti.com.ar> wrote:
> I thought that might be a good idea, to define a session variable
> called ( failedattempts ), then check and if $failedattempts is
> greater than, suppose, 4 ...

As sessions are connected to a request through a session cookie,
putting the failed attempts in the session for checking later is a bad
idea. A script attempting to crack your security will most likely NOT
be using cookies. So each request, all the many millions of them, will
seem to be clean/virgin requests, not multiple attempts. Each request
will create a blank new session with 0 previous attempts.

Richard.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to