Re: [PHP] Session Theft

2003-03-29 Thread Beauford.2002
] Sent: Saturday, March 29, 2003 10:04 PM Subject: Re: [PHP] Session Theft The session is created such that a file is created that (the file contains all the variables for that particular user) referenced by the session id. Now consider a situation where the user opens a link to an external site

RE: [PHP] Session Theft

2003-03-28 Thread Jon Haworth
Hi Haseeb, if I can get something from user end that is unique for that user, for e.g. his/her IP. Firstly, an IP address can be shared between multiple users, or it can change constantly for one user. Here's what a page request from an AOL user looks like (I've snipped the request paths,

Re: [PHP] Session Theft

2003-03-28 Thread Larry E. Ullman
I just want to figure out a way by which I can stop session theft. I thought if I can get something from user end that is unique for that user, for e.g. his/her IP. But it will not work when they are behind firewall. They will be assigned same IP. Is there a way for me to get the IP

[PHP] Session Theft

2003-03-28 Thread Haseeb Iqbal
I just want to figure out a way by which I can stop session theft. I thought if I can get something from user end that is unique for that user, for e.g. his/her IP. But it will not work when they are behind firewall. They will be assigned same IP. Is there a way for me to get the IP

Re: [PHP] Session Theft

2003-03-28 Thread Jim Lucas
Check into forcing the use of trans_sid. Jim - Original Message - From: Haseeb Iqbal [EMAIL PROTECTED] To: PHP General list [EMAIL PROTECTED] Sent: Friday, March 28, 2003 8:48 PM Subject: [PHP] Session Theft I just want to figure out a way by which I can stop session theft. I thought

Re: [PHP] Session Theft

2003-03-28 Thread CPT John W. Holmes
I just want to figure out a way by which I can stop session theft. I thought if I can get something from user end that is unique for that user, for e.g. his/her IP. But it will not work when they are behind firewall. They will be assigned same IP. Is there a way for me to get the IP

Re: [PHP] Session Theft

2003-03-28 Thread Marek Kilimajer
You can give the users the opportunity to turn IP check on (a checkbox in the login form). There is also a header that is set by many proxies to the IP address of the client, but I don't remember its name (maybe (X-)Forwarded-For). Haseeb Iqbal wrote: I just want to figure out a way by which I

Re: [PHP] Session Theft

2003-03-28 Thread Beauford.2002
: [PHP] Session Theft I just want to figure out a way by which I can stop session theft. I thought if I can get something from user end that is unique for that user, for e.g. his/her IP. But it will not work when they are behind firewall. They will be assigned same IP. Is there a way for me to get