Hi there,

is it possible to block hackers from stealing a session with the history
function of the browser?


A user registeres and recives a confirm e-mail. He confirms and does close
all browser windows. He leaves.
Another user comes to this computer opens the browser and the history and
clicks on the confirm link

Boom!! He has the session and is able to do all the stuff the other one can.

How could I close this security hole? Is there a work around?



PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to