Re: [PHP] sessions security (no problems just question)

2003-06-14 Thread vh
JH> are associated with a specific id. First, URLs carrying session ids. If
JH> you link to an external site, the URL including the session id might be
JH> stored in the external site's referrer logs. Second, a more active
JH> attacker might listen to your network traffic. If it is not encrypted, J

Re: [PHP] sessions security (no problems just question)

2003-06-14 Thread Jeff Harris
On Jun 14, 2003, "Ryan A" claimed that:
|Hi,
|I have been reading up on the old discussions on this list as I was very
|busy for the past few days and I saw a very interesting topic regarding
|sessions and security.
|
|I really didn't understand some of the things you guys wrote on "hi-jacking a

[PHP] sessions security (no problems just question)

2003-06-14 Thread Ryan A
Hi, I have been reading up on the old discussions on this list as I was very busy for the past few days and I saw a very interesting topic regarding sessions and security. I really didn't understand some of the things you guys wrote on "hi-jacking a session"...do you have any examples of this? Ho

RE: [PHP] Sessions & Security

2003-01-23 Thread Clarkson, Nick
: Re: [PHP] Sessions & Security
--- "Clarkson, Nick" <[EMAIL PROTECTED]> wrote:
> I am trying to find the best method for implementing
> sessions in PHP to track/limit users. However, the
> more I read, the more I am concerned about security.
> Can anyone give me a de

Re: [PHP] Sessions & Security

2003-01-23 Thread Chris Shiflett
--- "Clarkson, Nick" <[EMAIL PROTECTED]> wrote:
> I am trying to find the best method for implementing
> sessions in PHP to track/limit users. However, the
> more I read, the more I am concerned about security.
> Can anyone give me a definitive answer as to the best
> method of tracking users with

[PHP] Sessions & Security

2003-01-23 Thread Clarkson, Nick
Hi, I am trying to find the best method for implementing sessions in PHP to track/limit users. However, the more I read, the more I am concerned about security. Can anyone give me a definitive answer as to the best method of tracking users with security in mind? Thanks, Nick This private and

Re: [PHP] Sessions & Security

2003-01-02 Thread Duncan
Ah, thanks a lot. I will add my 2 cents in there then :) Regards, Duncan Justin French wrote: Hi, There's actually another thread on this topic at the moment... quick summary: 1. you can't rely on the IP address 2. you can't rely on the referrer It's been suggested on the list that you cou

Re: [PHP] Sessions & Security

2003-01-02 Thread Justin French
Hi, There's actually another thread on this topic at the moment... quick summary: 1. you can't rely on the IP address 2. you can't rely on the referrer It's been suggested on the list that you could record the user agent into the session, and check against that -- keeping in mind that the user a

[PHP] Sessions & Security

2003-01-02 Thread Duncan
Hi, I am currently working with sessions and how to secure them as much as possible. In an older script of mine, I used session_is_registered() to take care of this, but according to the manual: "If you are using $_SESSION (or $HTTP_SESSION_VARS), do not use session_register(), ..." - I can't u

RE: [PHP] Sessions/security

2001-01-17 Thread Boget, Chris
> Try looking at register_shutdown_function at
> http://www.php.net/manual/en/function.register-shutdown-function.php
From the documentation: "int register_shutdown_function (string func) Registers the function named by func to be executed when script processing is complete." What qualifies a