On Thursday 16 January 2003 05:38, Scott Fletcher wrote:
Or worse, not substituting the characters in the Session ID. Just use the
same Session ID. What if there is leftover session file in the /tmp
directory of the Unix machine and we're dealing with hundred of users each
day. Some of
computer. I'm sure you'll find ways to elaborate from there. You can do
all of this without requiring the user to login.
-Kevin
- Original Message -
From: Scott Fletcher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 2:07 PM
Subject: Re: [PHP] HTTP_REFE
Here's what I found so interesting
This code, $_SERVER['HTTP_REFERER'] have worked without a problem when I use
the latest Mozilla build. It even work with the HierMenus,
location.replace('http://whatever.com'), and location.href =
http://whatever.com...
This is a good news for PHP
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Here's what I found so interesting
This code, $_SERVER['HTTP_REFERER'] have worked without a
problem when I use the latest Mozilla build. It even work
with the HierMenus,
location.replace('http://whatever.com'),
and location.href =
It's not a PHP bug. Many PHP programmer tried to their best to use
HTTP_REFERER so they can keep track of which webpages on the current website
did the user last visited. That way, they can keep out the unauthorized
access to the website without first logging in to the website.
Well, my
ar
Paul Roberts
[EMAIL PROTECTED]
- Original Message -
From: Scott Fletcher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 9:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem
It's not a PHP bug. Many PHP programmer tried to th
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Many PHP programmer tried to their best to use
HTTP_REFERER so they can keep track of which
webpages on the current website did the user
last visited.
I think I see what you are referring to now.
The reason that many people (myself included)
all of this without requiring the user to login.
-Kevin
- Original Message -
From: Scott Fletcher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 2:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem
It's not a PHP bug. Many PHP programmer tried
I agree with you on that. Having something that is reliable is not a bad
idea. Anyway, this HTTP_REFERER script have been in use for 4 years and we
sometime very little have problem with it. It the HTTP_REFERER doesn't work
then all the user will experienced is a direct access attempt and be
---
From: Scott Fletcher [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 9:07 PM
Subject: Re: [PHP] HTTP_REFERER work without a problem
It's not a PHP bug. Many PHP programmer tried to their best to use
HTTP_REFERER so they can keep track of which webpage
--- Kevin Stone [EMAIL PROTECTED] wrote:
What I suggest to you is code a solution around the IP
address. The IP address of course, like any information
coming from the client, can be tampered with but more
than likely it's not going to change while the user is
browsing your website. Right?
[EMAIL PROTECTED] (Chris Shiflett) wrote:
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Many PHP programmer tried to their best to use
HTTP_REFERER so they can keep track of which
webpages on the current website did the user
last visited.
I think I see what you are referring to now.
The
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Or worse, not substituting the characters in the
Session ID. Just use the same Session ID. What if
there is leftover session file in the /tmp
directory of the Unix machine and we're dealing
with hundred of users each day. Some of those
session
That sound wonderful!!! I'm looking forward to hearing about this in the
near future...
Thanks,
Scott F.
Chris Shiflett [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Or worse, not substituting the characters in
I understand. To combine the Session Id with HTTP_REFERER sound good but it
didn't work too well. I'm still open to idea... :-) Fortunately, not
many people know it because it is done behind the scene, so they'll have a
lot more to guess about what's working behind the scene.
Christoph
Here's one way I can do, I checked the session id in the HTTP_REFERER and
grab the existing session id in the database table. This is still not an
effective method.
Christoph Grottolo [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
[EMAIL PROTECTED] (Chris
-
From: Chris Shiflett [EMAIL PROTECTED]
To: Kevin Stone [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 2:37 PM
Subject: Re: Fw: [PHP] HTTP_REFERER work without a problem
--- Kevin Stone [EMAIL PROTECTED] wrote:
What I suggest to you is code a solution around the IP
17 matches
Mail list logo
