I would suggest (haven't tried to write the code in detail) associating a random number in a variable each time you send a cookie (for new cookies anyway) and storing the key (randomvariable<->cookie) in a database. You should be able to verify the user at the next connection by verifying the matching key.

"Michal Migurski" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> > [snip]
> > > As well as much harder for AOL subscribers (whose IP's change per-request)
> > > to use the site.
> > [snip]
> >
> > WHAT?? Are you sure of this? AOL really breaks internet browsing this
> > much? Sorry, I can't believe this. If this was true, many things would
> > break.
>
> Not really -- HTTP is stateless, so there's really no reason for each
> request to come from the same IP. As other posters in this thread have
> pointed out, AOL uses an army of proxy servers. In the past, they've even
> cached and re-compressed images for the benefit of those on slow dialup.
>
> As you say, wacky stuff.
>
> You're on the right track, though - the way to make cookies tougher to
> crack is to associate the cookie with some other piece of user
> information. I've toyed with using an encrypted string based on the user
> agent as part of the cookie, but have never encountered a project where
> this level of care was called-for while SSL was not.
>
> ---------------------------------------------------------------------
> michal migurski- contact info and pgp key:
> sf/ca http://mike.teczno.com/contact.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
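
The random-value-per-cookie scheme suggested at the top of this message, combined with the user-agent binding from the quoted reply, as an added example that is not code from either poster. The table and function names are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: only a hash of the cookie value is stored server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_tokens (
    token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL,
    ua_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');

// Create a fresh random value for a new cookie and record its hash for the user.
function issue_token(PDO $db, int $userId, string $userAgent, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO auth_tokens VALUES (?, ?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, hash('sha256', $userAgent), time() + $ttl]);
    return $token; // this value goes into the cookie
}

// Return the user id for a presented cookie value, or null. Tokens are single-use:
// a matching row is deleted here and the caller issues a replacement cookie.
function verify_token(PDO $db, string $cookieValue, string $userAgent): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null; // not in the format we issue
    }
    $hash = hash('sha256', $cookieValue);
    $stmt = $db->prepare('SELECT user_id, ua_hash, expires_at FROM auth_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or already used
    }
    $db->prepare('DELETE FROM auth_tokens WHERE token_hash = ?')->execute([$hash]);
    if ((int) $row['expires_at'] < time() || !hash_equals($row['ua_hash'], hash('sha256', $userAgent))) {
        return null; // expired, or presented by a different user agent
    }
    return (int) $row['user_id'];
}

// Constructed demo values.
$ua = 'ExampleBrowser/1.0';
$cookie = issue_token($db, 42, $ua);
// In a real response:
// setcookie('auth', $cookie, ['expires' => time() + 1209600, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(verify_token($db, $cookie, $ua));              // first presentation
var_dump(verify_token($db, $cookie, $ua));              // replay of the same value
var_dump(verify_token($db, $cookie, 'OtherBrowser/2')); // same value, other user agent
```

The user-agent check only raises the bar slightly, since the header is client-controlled; the random value and its single use carry the weight.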

