Re: [PHP] session data vs cookie data

2002-01-30 Thread Erik Price
On Wednesday, January 30, 2002, at 09:55 AM, Jerry Verhoef (UGBI) wrote:
> When that happens a user has to relogin. No data will be lost.
>
> Jerry
So then, do you include a re-login script at the top of every page (for when the session authentication fails)? Or do you have some advanced "r

Re: [PHP] session data vs cookie data

2002-01-30 Thread Rodolfo González González
On Wed, 30 Jan 2002, Michael Kimsal wrote:
> > a cookie. So I always store the IP, HTTP_X_FORWARD and USER_AGENT in the
> Do you null the user if the IP changes? IPs can change during a user's
> session, so I wouldn't base the validity of the session solely based on IP.
Also, sometimes there ar

Re: [PHP] session data vs cookie data

2002-01-30 Thread Mike Frazer
HTTP_REFERRER is another good way to check. This allows users to access the page ONLY from a specific set of referring pages. However, if you have a gigantic site this can be cumbersome and can create a rather large array of referring pages, so you may want to put the value through a reg-ex that

Re: [PHP] session data vs cookie data

2002-01-30 Thread Arpad Tamas
> > Do you null the user if the IP changes? IPs can change
> > during a user's
> > session, so I wouldn't base the validity of the session
> > solely based on IP.
> When that happens a user has to relogin. No data will be lost.
Relogin? Huh, I'd never visit a site where I have to login on every

Re: [PHP] session data vs cookie data

2002-01-30 Thread Michael Kimsal
Maybe you haven't had this experience, but we've regularly seen AOL users get switched between IPs during the same session on our sites. They'd had to start over and relogin every 5-10 minutes sometimes under that method. Do you not get any complaints?
Michael Kimsal
Jerry Verhoef wrote:
>

RE: [PHP] session data vs cookie data

2002-01-30 Thread Jerry Verhoef (UGBI)
When that happens a user has to relogin. No data will be lost.
Jerry
> -Original Message-
> From: Michael Kimsal [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 30, 2002 3:53 PM
> To: Jerry Verhoef
> Cc: PHP
> Subject: Re: [PHP] session data vs cookie data
>

Re: [PHP] session data vs cookie data

2002-01-30 Thread Michael Kimsal
Jerry Verhoef wrote:
>
> It is possible to "steal" a session because a session_id is usually based on
> a cookie. So I always store the IP, HTTP_X_FORWARD and USER_AGENT in the
> session. And check them every page.
>
> kind regards,
> Jerry
Do you null the user if the IP changes? IPs c

RE: [PHP] session data vs cookie data

2002-01-30 Thread Jerry Verhoef (UGBI)
> -Original Message-
> From: Erik Price [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 30, 2002 3:30 PM
> To: PHP
> Subject: [PHP] session data vs cookie data
>
>
> I have read elsewhere that depending on Cookie data for site
> authentication is false economy, because Cookie da