On Wednesday, January 30, 2002, at 09:55 AM, Jerry Verhoef (UGBI) wrote:
> When that happens a user has to relogin. No data will be lost.
>
> Jerry
So then, do you include a re-login script at the top of every page (for
when the session authentication fails)? Or do you have some advanced
"r
On Wed, 30 Jan 2002, Michael Kimsal wrote:
> > a cookie. So I always store the IP, HTTP_X_FORWARD and USER_AGENT in the
> Do you null the user if the IP changes? IPs can change during a user's
> session, so I wouldn't base the validity of the session solely based on IP.
Also, sometimes there ar
HTTP_REFERRER is another good way to check. This allows users to access the
page ONLY from a specific set of referring pages. However, if you have a
gigantic site this can be cumbersome and can create a rather large array of
referring pages, so you may want to put the value through a reg-ex that
> > Do you null the user if the IP changes? IPs can change
> > during a user's
> > session, so I wouldn't base the validity of the session
> > solely based on IP.
> When that happens a user has to relogin. No data will be lost.
Relogin? Huh, I'd never visit a site where I have to login on every
Maybe you haven't had this experience, but we've regularly seen AOL
users get switched between IPs during the same session on our sites.
They'd have to start over and relogin every 5-10 minutes sometimes under
that method. Do you not get any complaints?
Michael Kimsal
Jerry Verhoef wrote:
>
When that happens a user has to relogin. No data will be lost.
Jerry
> -Original Message-
> From: Michael Kimsal [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 30, 2002 3:53 PM
> To: Jerry Verhoef
> Cc: PHP
> Subject: Re: [PHP] session data vs cookie data
>
Jerry Verhoef wrote:
>
>
> It is possible to "steal" a session because a session_id is usually based on
> a cookie. So I always store the IP, HTTP_X_FORWARD and USER_AGENT in the
> session. And check them every page.
>
> kind regards,
> Jerry
Do you null the user if the IP changes? IPs c
> -Original Message-
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 30, 2002 3:30 PM
> To: PHP
> Subject: [PHP] session data vs cookie data
>
>
> I have read elsewhere that depending on Cookie data for site
> authentication is false economy, because Cookie da