You could, on the page where it initially creates there session, get there IP address and make that a session variable, then in one of your include files which is called on every page, check to see if the current users's IP match's the one of the $_SESSION[ip] variable, if it doesn't, just stop them dead with an exit; statement.
Course this won't help for people behind the same public IP, but it's a start. You could also verify against what the browser identify's itself as, etc. Adam Voigt [EMAIL PROTECTED] On Thu, 2002-10-24 at 08:32, Shaun wrote: > Hi, > > If i use sid in the url , is it dangerous - can hackers gain info on > important variables storing username and passwords or is it save to use , if > not what should i do. > > shaun > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php