I found a weekness in one of my local dev projects today.
php.ini is set ut with cookies off in session handling.

I asked another user to send me his url when logged in,
I copied and pasted it and then I was logged in as him.

What should I do? Turn cookies on? Or write ip to mysql? or...?

Best Regards

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to