Re: [PHP-DEV] session security

2003-02-12 Thread Maxim Maletsky
[EMAIL PROTECTED] []'s Keyser Soze - Original Message - From: Sascha Schumann [EMAIL PROTECTED] To: Hans Prins [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 2:08 AM Subject: Re: [PHP-DEV] session security Can anyone point me to a possible

Re: [PHP-DEV] session security

2003-02-11 Thread Keyser Soze
and Mozilla (don't remember the version now), it worked fine. []'s Keyser Soze - Original Message - From: Sascha Schumann [EMAIL PROTECTED] To: Hans Prins [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 2:08 AM Subject: Re: [PHP-DEV] session security Can anyone

Re: [PHP-DEV] session security

2003-02-11 Thread Hans Prins
sion now), it worked fine. []'s Keyser Soze - Original Message - From: Sascha Schumann [EMAIL PROTECTED] To: Hans Prins [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, February 11, 2003 2:08 AM Subject: Re: [PHP-DEV] session security Can anyone point me to a possible

Re: [PHP-DEV] session security

2003-02-11 Thread Sascha Schumann
On Tue, 11 Feb 2003, Hans Prins wrote:

> Thx guys, I'll play around with it some more and see if I can secure it some more :)

Keep in mind that many proxies remove the referrer information.

- Sascha

[PHP-DEV] session security

2003-02-10 Thread Hans Prins
I'm currently trying to secure a PHP program where I authenticate a user against an MD5 string stored in a MySQL database. My problem is that since this program consists of more than one page, I am using a session and I register the MD5 string and username as session variables. As I

Re: [PHP-DEV] session security

2003-02-10 Thread Sascha Schumann
> Can anyone point me to a possible solution for this?

1. Use SSL.
2. Throw away an existing session id, if a user authenticated successfully (e.g. destroy the old session, and copy the data into a new one).
3. Provide a logout button which destroys the session.

-