Wow, you really need to be careful whenever you're dealing with money,
although if you're just handing the objects in a cart and passing that to a
secure payment system then it's not as big of a deal.
Cookies can be stolen.
Sessions are vulnerable to snooping if you're on a shared server.
T
Richard Lynch wrote:
On Wed, August 29, 2007 4:33 pm, tedd wrote:
At 10:52 PM +0200 8/18/07, Michelle Konzack wrote:
Am 2007-08-17 22:07:47, schrieb Bastien Koert:
If cookies are not available, you can either
hide the id in the hidden form field element
or
enable trans_sid to automaticall
On Wed, August 29, 2007 4:33 pm, tedd wrote:
> At 10:52 PM +0200 8/18/07, Michelle Konzack wrote:
>>Am 2007-08-17 22:07:47, schrieb Bastien Koert:
>>>
>>> If cookies are not available, you can either
>>>
>>> hide the id in the hidden form field element
>>> or
>>> enable trans_sid to automatical
On 8/29/07, tedd <[EMAIL PROTECTED]> wrote:
> When the user first generates a session id, grab the user's ip and
> store both in mysql.
>
> In the code, always check the session id against the user's ip before
> doing anything. If they don't match with what you started with, then
> stop. That shoul
At 10:52 PM +0200 8/18/07, Michelle Konzack wrote:
Am 2007-08-17 22:07:47, schrieb Bastien Koert:
If cookies are not available, you can either
hide the id in the hidden form field element
or
enable trans_sid to automatically pass the session id in the url
This will be a security risk sin
Hello, thanks for all the replies.
However, since I'm not very familiar with trans_sid I'll do some research on
that.
Michelle Konzack, if hiding the id in hidden form field element or enabling
trans_sid could lead to security risks, what would you recommend as an
alternative method to safely tran
Am 2007-08-17 22:07:47, schrieb Bastien Koert:
>
> If cookies are not available, you can either
>
> hide the id in the hidden form field element
> or
> enable trans_sid to automatically pass the session id in the url
This will be a security risk since a Session-Hijacker can grab the URL
Greeting
7 matches