I think you should be worried about users that refuse to reply with
the cookie; thus the session is pretty much useless in this case
(crawlers usually don't hold the cookie).
In this case you need to track the users by IP address.
I would solve this problem on the Apache server side with
Thanks again for the response. Even if my question wasn't about
storing sessions, it's a nice article!
Saving session by IP ... what if $_SERVER['REMOTE_ADDR'] is not set?
Or if it's giving you only a proxy's IP? You would need something like
that and even then won't be sure to get an IP:
function
Saving session by IP ... what if $_SERVER['REMOTE_ADDR'] is not set?
That value should always be set.
If there is a proxy between the client and the server it will be the
proxy server IP address and maybe set up
in the HTTP header as X-Forwarded-For.
Anyway... as I mentioned my main
My suggestion in this case is to use the difference between GET/POST.
That sounds great to me!
I would keep in session (or the URL) the filter used and not the
actual results.
How do you secure that one cannot bypass the POST form by URL
manipulation?
How do you secure that one cannot bypass the POST form by URL
manipulation?
You cannot really do that; they can do whatever they want in the
request.
One thing that you have to do is to enforce a session upon the users
that get to the search form - by requesting login, for instance.
To
Ok, so the best practice is Keep It Stupid Simple (KISS) with some
simple session-checks (and yes, the users need to be logged in for
searching)
Thanks for the great responses pghoratiu/gabriel!
On 5 Jun., 13:37, pghoratiu pghora...@gmail.com wrote:
how do you secure, that one cannot bypass