Hi,
I have been reading up on the old discussions on this list as i was very
busy for the past few daysand i saw a very intresting topic regarding
sessions and security.
I really didnt understand some of the things you guys wrote on hi-jacking a
session...do you have any examples of this?
How
On Jun 14, 2003, Ryan A claimed that:
|Hi,
|I have been reading up on the old discussions on this list as i was very
|busy for the past few daysand i saw a very intresting topic regarding
|sessions and security.
|
|I really didnt understand some of the things you guys wrote on hi-jacking a
JH are associated with a specific id. First, URLs carrying session ids. If
JH you link to an external site, the URL including the session id might be
JH stored in the external site's referrer logs. Second, a more active
JH attacker might listen to your network traffic. If it is not encrypted,
JH
Hi,
I am trying to find the best method for implementing sessions in PHP to
track/limit users. However, the more I read, the more I am concerned about
security. Can anyone give me a definitive answer as to the best method of
tracking users with security in mind ?
Thanks,
Nick
This private
--- Clarkson, Nick [EMAIL PROTECTED] wrote:
I am trying to find the best method for implementing
sessions in PHP to track/limit users. However, the
more I read, the more I am concerned about security.
Can anyone give me a definitive answer as to the best
method of tracking users with security
] Sessions Security
--- Clarkson, Nick [EMAIL PROTECTED] wrote:
I am trying to find the best method for implementing
sessions in PHP to track/limit users. However, the
more I read, the more I am concerned about security.
Can anyone give me a definitive answer as to the best
method of tracking users
Hi,
i am currently working with sessions and how to secure them as much as
possible.
In an older script of mine, i used session_is_registered() to take care
of this, but according to the manual: If you are using $_SESSION (or
$HTTP_SESSION_VARS), do not use session_register(), ... - i can't
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you could record the user agent into
the session, and check against that -- keeping in mind that the user
Ah,
thanks a lot.
I will add my 2 cents in there then :)
Regards,
Duncan
Justin French wrote:
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you
Try looking at register_shutdown_function at
http://www.php.net/manual/en/function.register-shutdown-function.php
From the documentation:
"int register_shutdown_function (string func)
Registers the function named by func to be executed when script processing
is complete."
What qualifies as
10 matches
Mail list logo
