When that happens a user has to relogin. No data will be lost. Jerry
> -----Original Message----- > From: Michael Kimsal [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 30, 2002 3:53 PM > To: Jerry Verhoef > Cc: PHP > Subject: Re: [PHP] session data vs cookie data > > > Jerry Verhoef wrote: > > > > > > > It is possible to "steal" a session because a session_id is > usually based on > > a cookie. So I always store the IP, HTTP_X_FORWARD and > USER_AGENT in the > > session. And check them every page. > > > > kind regards, > > Jerry > > > > > Do you null the user if the IP changes? IPs can change > during a user's > session, so I wouldn't base the validity of the session > solely based on IP. > > > Michael Kimsal > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: > [EMAIL PROTECTED] > The information contained in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any form of disclosure, production, distribution or any action taken or refrained from in reliance on it, is prohibited and may be unlawful. Please notify the sender immediately. The content of the email is not legally binding unless confirmed by letter bearing two authorized signatures. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
