Hi,

 You can use $HTTP_SESSION_VARS["username"] to make sure that this variable 
is from the user session, not from the cookie. 

 When you do a session_register("username");, the $username is stored on the 
server side, not on the client. The client side only has a Session ID stored 
in the cookie. Each time a client requests a PHP page, PHP will see 
if a specific Session ID has been sent with the request. If this is the 
case, the prior saved environment is recreated. 

 -Stephen Yau 

Arash Dejkam writes: 

> Hi, 
> 
> I want to use PHP session manager but I have some problems, 
> 
> I want the session to start in a login page, so I do this, for example: 
> 
> after authenticating...
> session_start();
> session_register("username"); 
> 
> then I want the user to be able to see his own pages, what do I have to do
> in those pages? 
> 
> Simply check $username and bring up the user's page? But this makes it
> possible for any hacker to send a cookie with username and see that page. I
> know that PHP stores a unique random number for each session, but how can I
> check that it matches with the number in the cookie? 
> 
> Help me please, I'm really confused! 
> 
> Thanks 
> 
> Arash Dejkam 
>
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED] 
> 
 

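
The check Stephen describes, as an added example that is not part of the original thread: the protected page reads the user name only from the server-side session array and never from a cookie. It uses `$_SESSION` with `session_start()`, the current form of `$HTTP_SESSION_VARS` and `session_register()`; `check_credentials()` and its demo account are hypothetical.

```php
<?php
// Added example with hypothetical helpers. check_credentials() stands in for
// the application's own password check and is an assumption.
declare(strict_types=1);

function check_credentials(string $user, string $pass): bool
{
    // Constructed demo account; a real application looks the user up in storage.
    $users = ['arash' => password_hash('demo-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($pass, $users[$user]);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);    // issue a new session ID after authentication
    $_SESSION['username'] = $user;  // stored server-side, keyed by the session ID
    return true;
}

function current_user(): ?string
{
    // Read only from the session store. $_COOKIE['username'], $_GET and
    // $_POST are client-controlled and are never consulted here.
    $name = $_SESSION['username'] ?? null;
    return is_string($name) ? $name : null;
}

// Looks up the session ID sent in the cookie and restores $_SESSION for it.
session_start();

if (isset($_POST['username'], $_POST['password'])) {
    login((string) $_POST['username'], (string) $_POST['password']);
}

$user = current_user();
if ($user === null) {
    http_response_code(403);
    exit("Not logged in\n");
}
echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . "\n";
```

A request that sends only a forged `username` cookie gets the 403 branch, because the name is looked up under the session ID and nowhere else.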