Well, I suppose you could, but I wouldn't. If you're worried about someone stealing someone's sid when they are using a random one, then having a fixed one would be even worse in this respect since they only have to get it once instead of every time the session is re-initiated.

Adam Voigt
[EMAIL PROTECTED]

On Thu, 2002-10-24 at 09:08, Simon Taylor wrote:
> While we're on the subject, is it possible/wise to register a person's session
> id in your useraccess db when they log in then always assign them the same
> id, then if the session has not expired the user will pick up vars stored
> there..
> Cheers
>
> -----Original Message-----
> From: Adam Voigt [mailto:adam@;cryptocomm.com]
> Sent: 24 October 2002 15:01
> To: Shaun
> Cc: [EMAIL PROTECTED]
> Subject: Re: [PHP] sessions
>
>
> You could, on the page where it initially creates their session, get their
> IP address and make that a session variable, then in one of your include
> files which is called on every page, check to see if the current user's IP
> matches the one of the $_SESSION[ip] variable, if it doesn't, just stop them
> dead with an exit; statement.
>
> Course this won't help for people behind the same public IP, but it's a
> start. You could also verify against what the browser identifies itself as,
> etc.
>
> Adam Voigt
> [EMAIL PROTECTED]
>
> On Thu, 2002-10-24 at 08:32, Shaun wrote:
> > Hi,
> >
> > If I use sid in the url, is it dangerous - can hackers gain info on
> > important variables storing username and passwords or is it safe to
> > use, if not what should I do.
> >
> > shaun
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
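
The per-request check discussed in this thread, as an added example that is not part of the original messages: the session is bound to the client's IP address and browser identification, the ID is kept out of the URL, and a fresh random ID is issued at login instead of a fixed per-user one. The function names `client_fingerprint()`, `guard_session()` and `on_login()` and the idea of placing this in a shared include file are assumptions made for illustration.

```php
<?php
// Added example: hypothetical include file loaded at the top of every page.

// Keep the session ID out of URLs: cookie only, no transparent SID rewriting.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.cookie_httponly', '1');

// What the current request looks like: source IP and hashed User-Agent.
function client_fingerprint(): array
{
    return [
        'ip' => $_SERVER['REMOTE_ADDR'] ?? '',
        'ua' => hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? ''),
    ];
}

// Record the fingerprint on the first request, compare it on every later one.
function guard_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $now = client_fingerprint();
    if (!isset($_SESSION['ip'], $_SESSION['ua'])) {
        $_SESSION['ip'] = $now['ip'];
        $_SESSION['ua'] = $now['ua'];
        return;
    }
    $same = hash_equals($_SESSION['ip'], $now['ip'])
         && hash_equals($_SESSION['ua'], $now['ua']);
    if (!$same) {
        // Mismatch: drop the session data and stop the request.
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit;
    }
}

// Call after credentials are verified: issue a new random ID and delete
// the old one, rather than reusing a fixed ID stored per user.
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

guard_session();
```

As noted in the thread, the IP comparison cannot tell apart clients that share one public IP; it will also end the session of a legitimate user whose address changes mid-session.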