Ooooh, it's a lesson every day! Right, back to the drawing board :(
Justin French [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote:
Why not just use IP?
I created a nice system, whereby if your IP is
Okay, having had my own solution shot and burned ;), I would love to look at
yours, but unfortunately the page (well, the entire site), will not load.
It could be a temporary outage with either ISP, but is there anyway you
could post it here? (I perhaps flag it as large?).
On my site, I'm not
lol, no sooner had I spoke than it sprang back into action! I now have the
source you posted. Looking it over!
M1tch [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Okay, having had my own solution shot and burned ;), I would love to look
at
yours, but
Just out of curiosity, do you know if any part (e.g. x1.x2.x3.x4) of the IP
remains static when AOL changes it? Even if it's only the first part, that's
better than nothing.
I'm having a headache now, because I'm already behind schedule, and this has
just thrown a spanner in the works :( (but
Nope, have no idea... I've just allways been told (and adhered to) the rule
that you don't trust anything client side, which would include IP address'.
Even if you could get it working for AOL, what about some other ISP located
in Australia, South Africa, or anywhere else on the planet that
One thing that I did that may help.
Every time a session is opened, the system insists on writing to disk on
every page, whether the session is updated or not.
With a lot of users, this is a bit of a system bog.
So, I hold the contents of a session when 'read', in a global variable.
Then, in the
PROTECTED]
Subject: [PHP] Re: Proposal for securing PHP sessions
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Also, I built it using
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Also, I built it using database (using my own session functions in
savehandler), that stores
] Re: Proposal for securing PHP sessions
You're going to be shutting out a lot of AOL users (bah! who needs em! ;p)
if you do that, as AOL changes a user's IP address about as often as you
read the word the...
Dave
-Original Message-
From: M1tch [mailto:[EMAIL PROTECTED]]
Sent
07, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Proposal for securing PHP sessions
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either
on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote:
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
large ISPs like AOL use variable IPs
11 matches
Mail list logo
