Is there a really good way to use PHP Session to tell whenether the user is
authorized user or not? I see one problem here, let's say the user tried to
access certain webpages that are unauthorized then I get to kick the user
out. But when the user logged in, we assigned a session token to it,
--- Scott Fletcher [EMAIL PROTECTED] wrote:
Is there a really good way to use PHP Session to tell whenether the
user is authorized user or not?
Yes, there are many good ways, and I'm sure I'm not even aware of many of
them.
I see one problem here, let's say the user tried to access certain
. A short session timeout will minimize session stealing, but
aggravate your users.
hope this helps,
Warren Vail
-Original Message-
From: Scott Fletcher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 10:19 AM
To: [EMAIL PROTECTED]
Subject: [PHP] session issues for unauthorized access
At some point, the user is going to have to be responsible for his/her own
actions. After all, I can log into my bank's Web site and then let someone
else use my computer, and there's no way my bank can prevent it.
Sure the bank can prevent it or otherwise my bank would never use the
website in
Hello Scott,
Tuesday, January 6, 2004, 7:19:55 PM, you wrote:
SF Sure the bank can prevent it or otherwise my bank would never use the
SF website in the first place. My bank doesn't use PHP, it use JAVA and
SF surprisely, it work very well.
Really? How would your bank determine the difference
] session issues for unauthorized access?
At some point, the user is going to have to be responsible for his/her own
actions. After all, I can log into my bank's Web site and then let someone
else use my computer, and there's no way my bank can prevent it.
Sure the bank can prevent it or otherwise my
--- Scott Fletcher [EMAIL PROTECTED] wrote:
At some point, the user is going to have to be responsible for his/her
own actions. After all, I can log into my bank's Web site and then let
someone else use my computer, and there's no way my bank can prevent
it.
Sure the bank can prevent it
7 matches
Mail list logo