I work with a double cookie to add some "security"... If the user tries to change the sessionId, I check it against the current sessionId stored in my own cookie.. But.. It may not be useful... :) The cookie is basically an encrypted copy of the session content (with a different encryption method). I'm looking for a good way to protect a private part of a site and... I was thinking this method would be more efficient than only the session cookie.. But ... perhaps I'm on the wrong track...

"John W. Holmes" <[EMAIL PROTECTED]> wrote in message news: 002501c27e08$40567040$[EMAIL PROTECTED]
> > I would like to know what you think of my method to prevent 'piracy'..
> >
> > I do it like this :
> >
> > - A Session is made for each user
> >   In the session, put 2 values : a flag "userlogged" and the userId
> > - In a cookie, I put the session Id and a unique crypted value.
>
> If you're using sessions, there is already a cookie with the session id
> in it. Why are you storing crypted values in a cookie? Why not just add
> the values to the session and not worry about encrypting it?
>
> ---John Holmes....
>
> > When the user goes to private parts of the site,
> > I check the session, the cookie and database fields for the user..
> > The crypted data contains some user values (the encryption is done with
> > mcrypt lib).
> >
> > Is it a good way or is there a better way (without SSL)... ?
> >
> > Regards,
> > P.E. Baroiller

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
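
The approach suggested in the quoted reply, as an added example that is not part of the original thread and not code from either poster: the "userlogged" flag and the userId live only in the server-side session, so a visitor who alters the session id in the cookie lands in an empty session with no login flag. The function names, the sample response text and the PHP 7.3+ array form of `session_set_cookie_params()` are assumptions.

```php
<?php
// Added example. Function names are hypothetical; the 'userlogged' and
// 'userId' keys are the two session values described in the thread.

// The cookie carries only the opaque session id. HttpOnly keeps page
// scripts from reading it. (Array form requires PHP 7.3 or later.)
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }
}

// Call only after the credentials have been verified against the database.
function login_user(int $userId): void
{
    start_session();
    // Issue a fresh id at login and delete the old session data, so an id
    // known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['userlogged'] = true;
    $_SESSION['userId'] = $userId;
}

// Guard for private pages: returns the logged-in user id, or null.
// A changed or made-up session id maps to an empty session, so the
// flag is missing and the check fails without any second cookie.
function current_user_id(): ?int
{
    start_session();
    if (empty($_SESSION['userlogged']) || !isset($_SESSION['userId'])) {
        return null;
    }
    return (int) $_SESSION['userId'];
}

// Top of a private page.
$userId = current_user_id();
if ($userId === null) {
    http_response_code(403);
    exit('Please log in.');
}
echo 'Private content for user ' . $userId;
```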