I would also be interested in seeing the code as well. If you could also
e-mail it to me, I would be very appreciative.
Ben
-Original Message-
From: Jason Sheets [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2003 4:56 PM
To: Wouter van Vliet
Cc: PHP General
Subject: Re: [PHP
's also do things like
that?
Wouter
-> -Original Message-
-> From: Jennifer Goodie [mailto:[EMAIL PROTECTED]
-> Sent: Saturday, September 13, 2003 0:37
-> To: Wouter van Vliet; PHP General
-> Subject: RE: [PHP] Session stealing, ..
->
->
-> >
>This all probably takes care of the problem with session id's in the
>query string, which is known as referrer to the next website our visitor
>visits. What I'm worrying and wondering about now are other users of the
>server my site's at. They can most likely go into the /tmp folder and
>just r
I wrote a custom session handler that encrypts the session before it is
stored in /tmp; that way, even if someone has access to the session files,
they are useless.
It stores the randomly generated encryption key on the user's client
base64_encoded, which can be intercepted as we all know but it
> # When deserialized we are called and need to check if the
> # stored IP address equals the client's
> function __wakeup() {
>     global $Log;
>     if ($_SERVER['REMOTE_ADDR'] != $this->Night['IP']) {