1.)
I see from www.php.net , people said they will generate a Session ID by
themselves
srand((double)microtime()*100);
$unique_str = md5(rand(0,999));
why not to generate by ourself ?
PHP will create itself .
Once upon a time, a long time ago, there was no built-in PHP session
o ic
check the IP to prevent .
But I have another Q .
1.)
I see from www.php.net , people said they will generate a Session ID by
themselves
srand((double)microtime()*100);
$unique_str = md5(rand(0,999));
why not to generate by ourself ?
PHP will create itself .
2.)
Will Session have
I'm not quite sure if this is the perfect way cause I'm pretty new to this
session stuff, too.
but my version looks like this:
[login.php]
a form with username and password field.
submit -- auth.php
[auth.php]
check if username and password are ok (from a text file or your mysql
database)
On Fri, Jun 22, 2001 at 08:59:54AM +0430, Arash Dejkam wrote:
simply check $username and bring up the user's page ? but this makes it
possible for any hacker to send a cookie with username and see that page. I
know that PHP stores a unique random number for each session but how can I
check
Does this depend on cookies?
regards,
jaxon
-Original Message-
From: Style|warrioR [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 5:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] PHP authenticating and session management
I'm not quite sure if this is the perfect way
I have a Q.
will the Session ID be stolen by hacker when the ID tranfer bewteen client
and server ?
Then can the hacker send the ID to server and veiw the user's page ?
Jason Stechschulte [EMAIL PROTECTED] ?
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Fri, Jun 22, 2001 at 08:59:54AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] PHP authenticating and session management
I'm not quite sure if this is the perfect way cause I'm pretty new to
this
session stuff, too.
but my version looks like this:
[login.php]
a form with username and password field.
submit
interesting question! I'm also interested in it, cause I read somwhere
that its possible to kidnap sessions...
Bass??? [EMAIL PROTECTED] schrieb in im Newsbeitrag:
9gvt89$pi5$[EMAIL PROTECTED]
I have a Q.
will the Session ID be stolen by hacker when the ID tranfer bewteen client
and server
Bass??? pressed the little lettered thingies in this order...
I have a Q.
will the Session ID be stolen by hacker when the ID tranfer bewteen client
and server ? Then can the hacker send the ID to server and veiw the user's
page ?
Yes. That *can* happen to any non-encrypted transmission
9 matches
Mail list logo