RE: [PHP] Session stealing, ..

2003-09-13 Thread Ben C.
I wrote a custom session handler that encrypts the session before it is stored in /tmp that way even if someone has access to the session files they are useless. It stores the randomly generated encryption key on the user's client base64_encoded, which can be intercept

RE: [PHP] Session stealing, ..

2003-09-13 Thread esctoday.com | Wouter van Vliet
's also do things like that? Wouter -> -Original message- -> From: Jennifer Goodie [mailto:[EMAIL PROTECTED] -> Sent: Saturday 13 September 2003 0:37 -> To: Wouter van Vliet; PHP General -> Subject: RE: [PHP] Session stealing, .. -> -> -> >

Re: [PHP] Session stealing, ..

2003-09-12 Thread Mike Migurski
>This all probably takes care about the problem with session id's in the
>query string, which is known as referrer to the next website our visitor
>visits. What I'm worrying and wondering about now are other users of the
>server my site's at. They can most likely go into the /tmp folder and
>just r

Re: [PHP] Session stealing, ..

2003-09-12 Thread Jason Sheets
I wrote a custom session handler that encrypts the session before it is stored in /tmp that way even if someone has access to the session files they are useless. It stores the randomly generated encryption key on the user's client base64_encoded, which can be intercepted as we all know but it

RE: [PHP] Session stealing, ..

2003-09-12 Thread Jennifer Goodie
> 93 # When deserialized we are called and need to check if the
> stored IP address equals the client's
> 94 function __wakeup() {
> 95 global $Log;
> 96 if ($_SERVER['REMOTE_ADDR'] !=
> $this->Night['IP']) {
> 97

[PHP] Session stealing, ..

2003-09-12 Thread Wouter van Vliet
Hi All, There's always been a lot of discussion about how safe sessions are. I'd like to store a complete user object (instance of a class) in a session with the best security measures possible. Who doesn't. Now, to prevent that the session file from the server gets stolen by some other user of t