On Fri, Jun 22, 2001 at 08:59:54AM +0430, Arash Dejkam wrote:
> simply check $username and bring up the user's page ? but this makes it
> possible for any hacker to send a cookie with username and see that page. I
> know that PHP stores a unique random number for each session but how can I
> check that it matches with the number in the cookie.
Why not just check for username this way:
<?php
if(session_is_registered("username")) {
// Do stuff
}
?>
Then username has to be registered as a session variable so any hacker
(sic) can't just send a username to see that page.
--
Jason Stechschulte
[EMAIL PROTECTED]
--
echo "Your stdio isn't very std."
-- Larry Wall in Configure from the perl distribution
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]