While we're on the subject, is it possible/wise to register a person's session id in your useraccess db when they log in, then always assign them the same id, then if the session has not expired the user will pick up vars stored there?

Cheers
-----Original Message-----
From: Adam Voigt [mailto:adam@;cryptocomm.com]
Sent: 24 October 2002 15:01
To: Shaun
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] sessions

You could, on the page where it initially creates their session, get their IP address and make that a session variable, then in one of your include files which is called on every page, check to see if the current user's IP matches the one of the $_SESSION[ip] variable, if it doesn't, just stop them dead with an exit; statement. Course this won't help for people behind the same public IP, but it's a start. You could also verify against what the browser identifies itself as, etc.

Adam Voigt
[EMAIL PROTECTED]

On Thu, 2002-10-24 at 08:32, Shaun wrote:
> Hi,
>
> If I use sid in the url, is it dangerous - can hackers gain info on
> important variables storing username and passwords or is it safe to
> use, if not what should I do.
>
> shaun
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
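
The check described in Adam Voigt's reply above, written out as an added example that is not part of the original thread. The file name `session_guard.php`, the function `guard_session()` and the `ua` session key are hypothetical, and the sample requests in the command-line branch are constructed.

```php
<?php
// session_guard.php (hypothetical name): include this at the top of every page.

// Binds a session to the client that created it and checks later requests
// against that binding. Returns true when the request may proceed.
function guard_session(array &$session, array $server): bool
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';

    if (!isset($session['ip'])) {
        // First request for this session: remember who created it.
        $session['ip'] = $ip;
        $session['ua'] = $ua;
        return true;
    }

    // Later requests: the session id must arrive from the same IP address
    // and with the same browser identification string.
    return $session['ip'] === $ip && ($session['ua'] ?? '') === $ua;
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!guard_session($_SESSION, $_SERVER)) {
        // Mismatch: discard the session data and stop the request.
        $_SESSION = [];
        session_destroy();
        exit;
    }
} else {
    // Constructed sample requests so the logic can be run from the command line.
    $session = [];
    $owner = ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
    $other = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
    $sameNat = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'OtherBrowser/2.0'];

    var_dump(guard_session($session, $owner));   // session is created and bound
    var_dump(guard_session($session, $owner));   // same client returns
    var_dump(guard_session($session, $other));   // same sid, different IP
    var_dump(guard_session($session, $sameNat)); // same public IP, different browser
}
```

As the reply notes, two people behind the same public IP who also send the same browser string still pass this check, and a legitimate user whose address changes mid-session will be stopped.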