> > Ok, stop right there. Sessions and authentication have nothing to do with
> > each other. To create a secure authenticated site you should be using
> > HTTP-based authentication over SSL. Sessions are simply for maintaining
> > state across http requests and have nothing to do with authentication.
> >
> > -Rasmus
>
> So setting a 'loggedin' session variable once a person has authenticated, and
> checking for that session variable each request before proceeding is not ok?

No, this is what I was trying to make sure people realized. It is only ok
if this happens over SSL and there is no chance that someone else can
sniff the session id.

-Rasmus

--
PHP General Mailing List (http://www.php.net/)
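The condition stated in this reply (a 'loggedin' session flag is acceptable only when the session id cannot be sniffed), as an added PHP example that is not code from the thread. The function names are hypothetical, and PHP 7.3 or later is assumed for the array form of `session_set_cookie_params()`.

```php
<?php
// Added example, not from the thread. Function names are hypothetical.
declare(strict_types=1);

// True only when the current request arrived over TLS.
function request_is_tls(): bool
{
    return !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
}

// Start the session only over TLS, with a cookie the browser will never
// send on a plain-HTTP request.
function start_secure_session(): void
{
    if (!request_is_tls()) {
        http_response_code(403);
        exit('HTTPS required');
    }
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // cookie is sent over HTTPS only
        'httponly' => true,    // cookie is not readable from page scripts
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue
    session_start();
}

// Call once, after the credentials have been verified.
function mark_logged_in(string $user): void
{
    session_regenerate_id(true);   // new id at login; the old session file is deleted
    $_SESSION['loggedin'] = true;
    $_SESSION['user']     = $user;
}

// Call at the top of every protected page, after start_secure_session().
function require_login(): void
{
    if (empty($_SESSION['loggedin'])) {
        http_response_code(401);
        exit('Not authenticated');
    }
}
```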
- [PHP] Stopping stolen / spoofed / linked sessions adam (dahamsta)