Hi all! The following code seems like it should be open to session
fixation attacks, but is not. Why?!
This is the beginning of the private page...
?php
session_start();
if (!isset($_SESSION['user']))
{
header(Location: http://[address of login page]?requestedpage=[token
for this page]);
:
On Mon, 2009-02-16 at 13:49 -0500, Sean DeNigris wrote:
Hi all! The following code seems like it should be open to session
fixation attacks, but is not. Why?!
This is the beginning of the private page...
?php
session_start();
if (!isset($_SESSION['user']))
{
header(Location: http://[address
...
$sql .= '. mysql_real_escape_string($Notes) .');
Sean DeNigris
s...@clipperadams.com
3 matches
Mail list logo