Sent: Saturday, March 29, 2003 10:04 PM
Subject: Re: [PHP] Session Theft
The session is created such that a file is created that (the file contains
all the variables for that particular user) referenced by the session id.
Now consider a situation where the user opens a link to external site
Hi Haseeb,
if I can get something from user end that is unique
for that user. For e.g. his/her IP.
Firstly, an IP address can be shared between multiple users, or it can
change constantly for one user.
Here's what a page request from an AOL user looks like (I've snipped the
request paths,
I just want to figure out a way by which I can stop session theft. I thought
if I can get something from user end that is unique for that user. For e.g.
his/her IP. But it will not work when they are behind firewall. They will be
assigned same IP. Is there a way for me to get the IP
check into forcing the use of trans_sid
Jim
- Original Message -
From: Haseeb Iqbal [EMAIL PROTECTED]
To: PHP General list [EMAIL PROTECTED]
Sent: Friday, March 28, 2003 8:48 PM
Subject: [PHP] Session Theft
I just want to figure out a way by which I can stop session theft. I thought
if I can get something from user end that is unique for that user. For e.g.
his/her IP. But it will not work when they are behind firewall. They will be
assigned same IP. Is there a way for me to get the IP
You can give the users the opportunity to turn IP check on (a checkbox in
the login form). There is also a header that is set by many proxies to
the IP address of the client, but I don't remember its name (maybe
(X-)Forwarded-For)
Haseeb Iqbal wrote:
I just want to figure out a way by which I
: [PHP] Session Theft
I just want to figure out a way by which I can stop session theft. I thought
if I can get something from user end that is unique for that user. For e.g.
his/her IP. But it will not work when they are behind firewall. They will be
assigned same IP. Is there a way for me to get