I can't answer your overall question but I can tell you that a 'resourceful'
hacker can also easily spoof an IP address, or so I'm told ;)
Why not just have the entire session encrypted. The user could browse
around the catalog sessionless and as soon as a cart was necessary (wants to
put
I came to the PHP list today with the same question/problem.
My cart doesn't require cookies. If the user doesn't have them it just puts the
SESSID in the URL. (Good ol PHP!)
BUT - it's actually happening often that someone linking to our store
from their own website is including the long
On Tue, Mar 19, 2002 at 08:37:43AM -0800, PHP freak wrote:
BUT - it's actually happening often that someone linking to our store
from their own website is including the long SESSID in the URL
that links to us, to that everyone who follows that link from
that website is getting the same
PROTECTED]]
Sent: Tuesday, March 19, 2002 10:03 AM
To: PHP List
Subject: Re: [PHP] sessions not so secure..solution?
On Tue, Mar 19, 2002 at 08:37:43AM -0800, PHP freak wrote:
BUT - it's actually happening often that someone linking to our store
from their own website is including the long SESSID
4 matches
Mail list logo
