On Fri, April 21, 2006 6:28 am, Ben Liu wrote:
> Yes, Chuck is correct here. The security issue I raised has to do
> with multiple users on the same shared server, which is how some
> hosting companies manage their clients. Each user may have a
> different home directory and has separation from oth
Ach, correction: "Chuck is correct here." = "*Richard* is correct here."
No morning coffee yet, sorry.
- Ben
On Apr 20, 2006, at 7:22 PM, Richard Lynch wrote:
On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
After a bit more research, I think I understand why Jochem recommends
use of session_s
Yes, Chuck is correct here. The security issue I raised has to do
with multiple users on the same shared server, which is how some
hosting companies manage their clients. Each user may have a
different home directory and has separation from other users,
however, usually the same /tmp direct
On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
> After a bit more research, I think I understand why Jochem recommends
> use of session_save_path() rather than just naming each session
> differently. The former method provides more security as you can set
> the location where session cookies are st
On Thu, April 20, 2006 10:21 am, Ben Liu wrote:
> I'm using a single development server to host multiple client
> projects, many of which require session management. I've noticed that
> sometimes when I test these various web apps (which are simply in
> separate sub directories) I get session leaka
Hi Dave,
After a bit more research, I think I understand why Jochem recommends
use of session_save_path() rather than just naming each session
differently. The former method provides more security as you can set
the location where session cookies are stored. This will help prevent
an attacker from
Thanks Jochem, this should give me all I need to solve this problem. -Ben
On 4/20/06, Jochem Maas <[EMAIL PROTECTED]> wrote:
> Ben Liu wrote:
> > Hi Dave,
> >
> > Thanks, I think the method recommended by Robin using the function
> > ini_set() would work, but somehow I think this could be done in
Ben Liu wrote:
Hi Dave,
Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler fashion by setting separate session names for each app, unless
I am misunderstanding the use of session_name(). Trying this out
now...
Hi Dave,
Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler fashion by setting separate session names for each app, unless
I am misunderstanding the use of session_name(). Trying this out
now...
- Ben
On 4/20
Thanks for the response Robin, I'm reading up on session.cookie_path
now. It seems that this would require creating separate php.ini files
for each application.
On 4/20/06, Robin Vickery <[EMAIL PROTECTED]> wrote:
> On 20/04/06, Ben Liu <[EMAIL PROTECTED]> wrote:
> > Hello All,
> >
> > I'm using a
On 20/04/06, Ben Liu <[EMAIL PROTECTED]> wrote:
> Hello All,
>
> I'm using a single development server to host multiple client
> projects, many of which require session management. I've noticed that
> sometimes when I test these various web apps (which are simply in
> separate sub directories) I ge
Hello All,
I'm using a single development server to host multiple client
projects, many of which require session management. I've noticed that
sometimes when I test these various web apps (which are simply in
separate sub directories) I get session leakage where logging in and
establishing a sessi
12 matches