Re: [PHP-DEV] session security

2003-02-12 Thread Maxim Maletsky
t variable into the HTTP request headers. -- Maxim Maletsky [EMAIL PROTECTED] > []'s > Keyser Soze > > - Original Message - > From: "Sascha Schumann" <[EMAIL PROTECTED]> > To: "Hans Prins" <[EMAIL PROTECTED]> > Cc: <[EMAIL

Re: [PHP-DEV] session security

2003-02-11 Thread Sascha Schumann
On Tue, 11 Feb 2003, Hans Prins wrote:
> Thx guys,
>
> I'll play around with it some more and see if I can secure it some more :)

Keep in mind that many proxies remove the referrer information.

- Sascha

-- PHP Development Mailing List To unsubscribe, visit: ht

Re: [PHP-DEV] session security

2003-02-11 Thread Hans Prins
xplorer >5 and Mozilla (don't remember the version now), it worked > fine. > > []'s > Keyser Soze > > - Original Message - > From: "Sascha Schumann" <[EMAIL PROTECTED]> > To: "Hans Prins" <[EMAIL PROTECTED]> > Cc: <[

Re: [PHP-DEV] session security

2003-02-11 Thread Keyser Soze
xplorer >5 and Mozilla (don't remember the version now), it worked fine. []'s Keyser Soze - Original Message - From: "Sascha Schumann" <[EMAIL PROTECTED]> To: "Hans Prins" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, Febr

Re: [PHP-DEV] session security

2003-02-10 Thread Sascha Schumann
> Can anyone point me to a possible solution for this?

1. Use SSL.
2. Throw away an existing session id, if a user authenticated successfully (e.g. destroy the old session, and copy the data into a new one).
3. Provide a logout button which destroys the session.

- Sa

[PHP-DEV] session security

2003-02-10 Thread Hans Prins
I'm currently trying to secure a PHP program where I authenticate a user against an MD5 string stored in a MySQL database. My problem is that since this program consists of more than one page, I am using a session and I register the MD5 string and username as session variables. As I