On Apr 7, 2004, at 10:17 AM, Robert Cummings wrote:
On Wed, 2004-04-07 at 09:56, inodes wrote:
Hello,
The PHP manual says it is the developer's job to ensure PHP sessions cannot
be stolen or "fixed" (this is called Session Fixation).
To minimise the risk of session fixation, I wrote a patch for
On Wed, 2004-04-07 at 09:56, inodes wrote:
> Hello,
>
> The PHP manual says it is the developer's job to ensure PHP sessions cannot
> be stolen or "fixed" (this is called Session Fixation).
>
> To minimise the risk of session fixation, I wrote a patch for PHP-4.3.5 (I
> can port it for the other
Hello,
sure the current user IS the session creator. It is based on client IP
addresses.
A legal user can have multiple IP addresses at the same time. This can
have several reasons...
for example
a) ISP did disconnect him in between clicks
b) he is using a proxy but for the https part of your
Hello,
The PHP manual says it is the developer's job to ensure PHP sessions cannot
be stolen or "fixed" (this is called Session Fixation).
To minimise the risk of session fixation, I wrote a patch for PHP-4.3.5 (I
can port it for the other versions too - just ask...), that makes (almost)
sure the