[nycphp-talk] Session Thoughts
Mark Armendariz
nyphp at enobrev.com
Fri Oct 31 12:42:52 EST 2003
I defintiely see your point... Do you have a solution for a secure
auto-login?
-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Chris Shiflett
Sent: Friday, October 31, 2003 11:57 AM
To: NYPHP Talk
Subject: RE: [nycphp-talk] Session Thoughts
--- Mark Armendariz <nyphp at enobrev.com> wrote:
> Here's how I do it in my login class:
[snip]
> In the top of your site files (an app_top or config or whatever), run
> some sort of:
> if (!logged_in) {
> check_for_login_cookie();
> }
Out of curiosity, when a user's cookie is compromised for whatever reason,
this ensures that the attacker is able to hijack the user's session at any
time in the future?
Or, does the check_for_login_cookie() function require a password or
something before continuing?
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
More information about the talk
mailing list