RE: [PHP] RE: Protecting from session hijacking

2001-07-04 Thread Ian Bagley
> -Original Message-
> From: Christopher Ostmo [mailto:[EMAIL PROTECTED]]
>
> Ian Bagley pressed the little lettered thingies in this order...
>
> > One thing which would prevent hijacks from simply guessing SIDS would be to
> > add a

[PHP] RE: Protecting from session hijacking

2001-07-04 Thread Ian Bagley
One thing which would prevent hijacks from simply guessing SIDS would be to add an md5 hash to the end of a url e.g. If a page was:-

doit.php?item=4&SID=237478

then append the url with the md5 of the url PLUS a secret key generated at the beginning of each session:- i.e. add MD5("d