Interesting question! I'm also interested in it, because I read somewhere
that it's possible to "kidnap" sessions...




"Bass???" <[EMAIL PROTECTED]> wrote in news post:
9gvt89$pi5$[EMAIL PROTECTED]
> I have a Q.
> Will the session ID be stolen by a hacker when the ID is transferred between client
> and server?
> Then can the hacker send the ID to the server and view the user's page?
>
>
> "Jason Stechschulte" <[EMAIL PROTECTED]> ?????
> news:[EMAIL PROTECTED]...
> > On Fri, Jun 22, 2001 at 08:59:54AM +0430, Arash Dejkam wrote:
> > > simply check $username and bring up the user's page? but this makes it
> > > possible for any hacker to send a cookie with username and see that page. I
> > > know that PHP stores a unique random number for each session but how can I
> > > check that it matches with the number in the cookie.
> >
> >
> > Why not just check for username this way:
> >
> > <?php
> > if(session_is_registered("username")) {
> >    // Do stuff
> > }
> > ?>
> >
> > Then username has to be registered as a session variable so any hacker
> > (sic) can't just send a username to see that page.
> >
> > --
> > Jason Stechschulte
> > [EMAIL PROTECTED]
> > --
> > echo "Your stdio isn't very std."
> >              -- Larry Wall in Configure from the perl distribution
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
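Added example, not part of the original thread: one way to address both concerns raised above (a forged username cookie, and a session ID captured between client and server). It assumes PHP 7.3+ and a site served over HTTPS; the helper names are hypothetical. It reads `$_SESSION` directly because `session_is_registered()` was removed in PHP 5.4.

```php
<?php
// Added example. Assumptions: PHP 7.3+, HTTPS-only site, hypothetical helper names.

function start_secure_session(): void
{
    // Keep the ID out of URLs and reject IDs the server did not issue.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,        // expires when the browser closes
        'path'     => '/',
        'secure'   => true,     // cookie is never sent over plain HTTP
        'httponly' => true,     // cookie is not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function log_in(string $username): void
{
    // Issue a fresh ID at login and delete the old session data,
    // so an ID observed before authentication is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;   // stored server-side only
}

function current_user(): ?string
{
    // Trust only server-side session data; a "username" cookie or
    // request parameter is client-controlled and is never consulted.
    $name = $_SESSION['username'] ?? null;
    return is_string($name) && $name !== '' ? $name : null;
}

// Protected page: call log_in() from the login script after verifying credentials.
start_secure_session();
$user = current_user();
if ($user === null) {
    http_response_code(403);
    exit('Not logged in');
}
echo 'Welcome, ', htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
```

The browser only ever holds the random session ID; the `secure` flag together with TLS is what keeps that ID from being read on the wire.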