On Jun 14, 2003, Ryan A claimed that:
|Hi,
|I have been reading up on the old discussions on this list as i was very
|busy for the past few daysand i saw a very intresting topic regarding
|sessions and security.
|
|I really didnt understand some of the things you guys wrote on hi-jacking a
JH are associated with a specific id. First, URLs carrying session ids. If
JH you link to an external site, the URL including the session id might be
JH stored in the external site's referrer logs. Second, a more active
JH attacker might listen to your network traffic. If it is not encrypted,
JH
--- Clarkson, Nick [EMAIL PROTECTED] wrote:
I am trying to find the best method for implementing
sessions in PHP to track/limit users. However, the
more I read, the more I am concerned about security.
Can anyone give me a definitive answer as to the best
method of tracking users with security
Thanks - I've only just joined the list so must have missed your previous
msgs. I'll give them a read later.
Thanks again.
Nick
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: 23 January 2003 15:28
To: Clarkson, Nick; [EMAIL PROTECTED]
Subject: Re: [PHP
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you could record the user agent into
the session, and check against that -- keeping in mind that the user
Ah,
thanks a lot.
I will add my 2 cents in there then :)
Regards,
Duncan
Justin French wrote:
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you
Try looking at register_shutdown_function at
http://www.php.net/manual/en/function.register-shutdown-function.php
From the documentation:
"int register_shutdown_function (string func)
Registers the function named by func to be executed when script processing
is complete."
What qualifies as
7 matches
Mail list logo