RE: [PHP] sessions not so secure..solution?

2002-03-19 Thread SHEETS,JASON (Non-HP-Boise,ex1)
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 19, 2002 10:03 AM
To: PHP List
Subject: Re: [PHP] sessions not so secure..solution?

On Tue, Mar 19, 2002 at 08:37:43AM -0800, PHP freak wrote:
> BUT - it's actually happening often that someone linking to our store
> from their own webs

Re: [PHP] sessions not so secure..solution?

2002-03-19 Thread Analysis & Solutions
On Tue, Mar 19, 2002 at 08:37:43AM -0800, PHP freak wrote:
> BUT - it's actually happening often that someone linking to our store
> from their own website is including the long SESSID in the URL
> that links to us, so that everyone who follows that link from
> that website is getting the same sh

Re: [PHP] sessions not so secure..solution?

2002-03-19 Thread PHP freak
I came to the PHP list today with the same question/problem. My cart doesn't require cookies. If the user doesn't have them it just puts the SESSID in the URL. (Good ol PHP!) BUT - it's actually happening often that someone linking to our store from their own website is including the long SES

RE: [PHP] sessions not so secure..solution?

2002-03-19 Thread Drew Lopucki
I can't answer your overall question but I can tell you that a 'resourceful' hacker can also easily spoof an IP address, or so I'm told ;) Why not just have the entire session encrypted? The user could browse around the catalog sessionless and as soon as a cart was necessary (wants to put someth