Hi,
My website is an online community, with membership and his/her own
message box. However sometimes my members report to me that when they
login to their account they will go to another member's account. Or they
have entered their own account after login, when they access their
message box
Hi,
>
>
> Here are my algorithm of login script:
>
> if (the entered login name and password exist in membership DB)
> {
> put the login name and its member ID in udat (for further use)
> redirect to the member's own homepage
> }
>
The only thing I can imagine at the moment is, that two
I use My SQL Semaphore, same setting introduced in the documentation of session
handling. And what should I do to prevent this happen?
Thanks again
Eddie Lau
Gerald Richter wrote:
> Hi,
> >
> >
> > Here are my algorithm of login script:
> >
> > if (the entered login name and password exist in
> I use My SQL Semaphore, same setting introduced in the documentation of
session
> handling. And what should I do to prevent this happen?
>
That was only a possibility, I don't know if this is the reason. First of
all you should see if there is already a name in %udat, when you at your
login p
I insatlled mod_perl-1.24_01 with apache 1.3.14, I am still getting a
the error about mod_perl.pm line 14 and Apache.pm line 6
Can't locate loadable object for module Apache::Constants in @INC
(@INC contains: /usr/lib/perl5/5.00503/ppc-linux
/usr/lib/perl5/5.00503 /usr/lib/perl5/site_perl/5.005/
i had a problem similar to this, but it didn't have anything to do
with Apache::Session. just incorrect coding on my part. global variables
in the child retain the old data till overwritten by new data. i had missing
clearing or overwriting a global and of couse it contained the wrong data for
>
> I insatlled mod_perl-1.24_01 with apache 1.3.14, I am still getting a
> the error about mod_perl.pm line 14 and Apache.pm line 6
>
ok, one step back, some questions, maybe dumb, but just to be sure:
Do you have run Makefile.PL of Embperl after upgrading Apache and mod_perl?
Does the make
I have uploaded a new alpha release of Embperl 2.0 to
ftp://ftp.dev.ecos.de/pub/perl/embperl/2.0-alpha .
This version offers all features of Embperl 1.3b7_dev (including full
EmbperlObject support), but has a totaly rewritten core, which is the base
for a lot of new features which I will implemen
On Tue, Nov 07, 2000 at 12:41:52PM +0100, Gerald Richter wrote:
> I have commited a new version into the CVS which should solve the
> DeleteSession problem and also the GetSession problem you reported a few
> days ago.
works great
currently it sends the cookie every time, but (as gerald and i
di
Shouldn't cookies be sent and validated with MD5 signature?
ilia.
- Original Message -
From: "Angus Lees" <[EMAIL PROTECTED]>
To: "Embperl list" <[EMAIL PROTECTED]>
Sent: Wednesday, November 08, 2000 23:10
Subject: Re: trying to DeleteSession (security bug?)
> On Tue, Nov 07, 2000 at 1
On Wed, Nov 08, 2000 at 11:14:58PM -0500, Ilia Lobsanov wrote:
> Shouldn't cookies be sent and validated with MD5 signature?
you'd need to include some sort of server-side secret too to prevent
tampering. (eg: see Digest::HMAC)
the "sparseness" of the session id's should be enough to stop
tamper
11 matches
Mail list logo
