Chris Shiflett wrote:
--- Matthew A. Blasinski [EMAIL PROTECTED] wrote:
So, I'm thinking a plausible session id could be made by hashing
their identification (to make it useful to the rightful owner
only) with a private key (to make it hard to get and guess). I
think the identification could be
--- Matthew A. Blasinski [EMAIL PROTECTED] wrote:
My question - what is the best way to know the session id between
pages? Posting it in the URL and using $_GET[PHPSESSID] is one
solution, but this seems like a hassle and is also open to attack if
someone could guess a valid session ID.
As
Thanks for the response Chris, that's just the type of thing I was
looking for!
So, I'm thinking a plausible session id could be made by hashing their
identification (to make it useful to the rightful owner only) with a
private key (to make it hard to get and guess). I think the
Matthew A. Blasinski wrote:
I'm trying to track session data and merge several related services
through a common server-side session (using Apache). One condition is
that it won't use cookies to store the user data OR the session ID.
Another is that the services we're merging use different
* Thus wrote Matthew A. Blasinski ([EMAIL PROTECTED]):
Thanks for the response Chris, that's just the type of thing I was
looking for!
So, I'm thinking a plausible session id could be made by hashing their
identification (to make it useful to the rightful owner only) with a
private key
--- Matthew A. Blasinski [EMAIL PROTECTED] wrote:
So, I'm thinking a plausible session id could be made by hashing
their identification (to make it useful to the rightful owner
only) with a private key (to make it hard to get and guess). I
think the identification could be their IP, user
6 matches
Mail list logo
