I have a Q.
will the Session ID be stolen by hacker when the ID tranfer bewteen client
and server ?
Then can the hacker send the ID to server and veiw the user's page ?
"Jason Stechschulte" <[EMAIL PROTECTED]> ?????
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Fri, Jun 22, 2001 at 08:59:54AM +0430, Arash Dejkam wrote:
> > simply check $username and bring up the user's page ? but this makes it
> > possible for any hacker to send a cookie with username and see that
page. I
> > know that PHP stores a unique random number for each session but how can
I
> > check that it matches with the number in the cookie.
>
>
> Why not just check for username this way:
>
> <?php
> if(session_is_registered("username")) {
> // Do stuff
> }
> ?>
>
> Then username has to be registered as a session variable so any hacker
> (sic) can't just send a username to see that page.
>
> --
> Jason Stechschulte
> [EMAIL PROTECTED]
> --
> echo "Your stdio isn't very std."
> -- Larry Wall in Configure from the perl distribution
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
