On Fri, October 20, 2006 5:20 am, Dave Goodchild wrote:
> Hi all, I am having issues with users not being able to post their details
> to my site. The system uses sessions, so when they hit the index page a test
> cookie is set thus:
>
> setcookie('djst', 'test');

You should *NOT* set the timeout to an hour!

If their clock is "off" by an hour (or worse, your server clock is off
by an hour) the cookie will expire immediately.

Trusting the "time" of a Cookie clock is silly for anything less than
the scale of years, maybe months.

Even then, a user intent on causing trouble will reset their clock to
wild values to play with you, and then you're in trouble.

> and then I test whether that cookie is set on the next page. If not, I
> direct the users to an informational page. This works my end in FF and IE6
> (sec settings tested at low, medium and medium high) but approx 1 in 20 users
> cannot get past the cookie warning, even if they set their security settings
> to low in IE.

I've had major problems with IE on one site like this as well, and
suspect it's that goofy "short privacy policy" thing...

Never have time to check it out, as the answer "Use Firefox" always
works out better. :-)

> I am also setting PHPSESSID to something of my own, as I hear that IE does
> not like PHPSESSID (correct?).

Aroooo?

References, please?

Not that it would surprise me...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
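
The clock-skew point made in the reply above, as an added example that is not code from the thread: it models how a client decides whether a test cookie is still live when its clock differs from the server's. The function names, the timestamp and the five-second delay are assumptions made up for the illustration.

```php
<?php
// Added illustration, not code from the thread. Function names and all
// timestamps are constructed for the example.

// Expires=<date>: the server picks an absolute instant and the client
// compares it with its OWN clock, so skew eats into the lifetime.
function liveWithExpires(int $serverNow, int $lifetime, int $clientNow): bool
{
    $expiresAt = $serverNow + $lifetime; // e.g. time() + 3600 on the server
    return $clientNow < $expiresAt;
}

// Max-Age=<seconds>: the client counts from when it received the cookie,
// so neither clock's absolute value matters.
function liveWithMaxAge(int $lifetime, int $secondsSinceReceipt): bool
{
    return $secondsSinceReceipt < $lifetime;
}

// No expiry at all, as in setcookie('djst', 'test'): a session cookie,
// kept until the browser closes, with no clock comparison involved.
function liveAsSessionCookie(bool $browserStillOpen): bool
{
    return $browserStillOpen;
}

$serverNow = 1161336000;  // constructed server time when the cookie is set
$lifetime  = 3600;        // the one-hour timeout discussed above
$delay     = 5;           // seconds until the user requests the next page

printf("%-14s %-8s %-8s %s\n", 'client skew', 'Expires', 'Max-Age', 'session');
foreach ([-7200, -60, 0, 60, 3600, 7200] as $skew) {
    // Client clock = server clock + skew (positive: the client runs fast).
    $clientNow = $serverNow + $skew + $delay;
    printf(
        "%-14s %-8s %-8s %s\n",
        sprintf('%+d s', $skew),
        liveWithExpires($serverNow, $lifetime, $clientNow) ? 'sent' : 'dropped',
        liveWithMaxAge($lifetime, $delay) ? 'sent' : 'dropped',
        liveAsSessionCookie(true) ? 'sent' : 'dropped'
    );
}
```

Only the rows where the client runs an hour or more ahead show the `Expires` cookie as dropped on the very next request; the other two columns never depend on the skew.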
