You could, on the page where it initially creates there session,
get there IP address and make that a session variable, then in
one of your include files which is called on every page, check to
see if the current users's IP match's the one of the $_SESSION[ip]
variable, if it doesn't, just stop them dead with an exit; statement.
Course this won't help for people behind the same public IP, but
it's a start. You could also verify against what the browser identify's
itself as, etc.
On Thu, 2002-10-24 at 08:32, Shaun wrote:
> If i use sid in the url , is it dangerous - can hackers gain info on
> important variables storing username and passwords or is it save to use , if
> not what should i do.
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php