You could, on the page where it initially creates there session,
get there IP address and make that a session variable, then in
one of your include files which is called on every page, check to
see if the current users's IP match's the one of the $_SESSION[ip]
variable, if it doesn't, just stop them dead with an exit; statement.

Course this won't help for people behind the same public IP, but
it's a start. You could also verify against what the browser identify's
itself as, etc.

Adam Voigt

On Thu, 2002-10-24 at 08:32, Shaun wrote:
> Hi,
> If i use sid in the url , is it dangerous - can hackers gain info on
> important variables storing username and passwords or is it save to use , if
> not what should i do.
> shaun
> -- 
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to