Perrin Harkins wrote:
2. I don't think it's a global variable issue.  Basically, I just grab
the cookie by $r->header_in('Cookie')
and decrypt it.

It's what you do after that that matters.
All it does is get the user login info and display it.  The variable is local to the short script.


Besides, if it's global then the "mistaken" ID's should
be from anywhere randomly.

True, but random may not always look random.
What I meant was it would have happened to any user from any other ISP or domain.  In all cases,
the mistaken ID's originate from the same ISP ([EMAIL PROTECTED] appears as [EMAIL PROTECTED], [EMAIL PROTECTED]
appears as [EMAIL PROTECTED] and so on).


There is this nagging fact that the parties involved are from the same
ISP's i.e. user A1 and A2 are
from foo.com, user B1 and B2 are from bar.com, etc.

You aren't using IP or domain as part of your ID generation, are you? That
would be bad.
No, just straight encrypt($user_id) as the value of the cookie and decrypt($cookie_str).

- Perrin





