[nycphp-talk] Session Thoughts

Keith Richardson keith.richardson at thompsonhealth.com
Fri Oct 31 12:44:05 EST 2003


For a little bit of stability, you could store the session ID and IP address
in a database, so that that session can only be used by that IP... but that
wouldn't help people who move from computer to computer.

I would think of looking at some other source code, like phpBB, and see how
they do things. I'm not sure if those are "secure" logins when they re-log
you on, but it's something to get ideas from.

-----Original Message-----
From: talk-bounces at lists.nyphp.org
[mailto:talk-bounces at lists.nyphp.org]On Behalf Of Mark Armendariz
Sent: Friday, October 31, 2003 12:43 PM
To: shiflett at php.net; 'NYPHP Talk'
Subject: RE: [nycphp-talk] Session Thoughts


I definitely see your point...  Do you have a solution for a secure
auto-login?

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On
Behalf Of Chris Shiflett
Sent: Friday, October 31, 2003 11:57 AM
To: NYPHP Talk
Subject: RE: [nycphp-talk] Session Thoughts

--- Mark Armendariz <nyphp at enobrev.com> wrote:
> Here's how I do it in my login class:
[snip]
> In the top of your site files (an app_top or config or whatever), run
> some sort of:
> if (!logged_in) {
> 	check_for_login_cookie();
> }

Out of curiosity, when a user's cookie is compromised for whatever reason,
this ensures that the attacker is able to hijack the user's session at any
time in the future?

Or, does the check_for_login_cookie() function require a password or
something before continuing?

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp
_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
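
Added example (not part of the thread and not code from any poster): one way a check_for_login_cookie() step could combine the session-to-IP binding suggested above with a single-use, expiring token, so a copied cookie stops working once it has been used, has expired, or is presented from another address. The table layout, issue_login_token(), the 14-day lifetime and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Table, column and helper names are hypothetical.
$db = new PDO('sqlite::memory:');   // stand-in for the site's real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_tokens (selector TEXT PRIMARY KEY,
    token_hash TEXT NOT NULL, user_id INTEGER NOT NULL,
    ip TEXT NOT NULL, expires INTEGER NOT NULL)');

// Cookie value is "selector:token"; the database keeps only a hash of the token.
function issue_login_token(PDO $db, int $userId, string $ip, int $ttl = 1209600): string
{
    $selector = bin2hex(random_bytes(8));
    $token    = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO login_tokens VALUES (?, ?, ?, ?, ?)')
       ->execute([$selector, hash('sha256', $token), $userId, $ip, time() + $ttl]);
    return $selector . ':' . $token;
}

// Returns [user id, replacement cookie value] on success, null on any failure.
function check_for_login_cookie(PDO $db, string $cookie, string $ip): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$selector, $token] = $parts;
    $stmt = $db->prepare('SELECT token_hash, user_id, ip, expires
                          FROM login_tokens WHERE selector = ?');
    $stmt->execute([$selector]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Single use: the presented row is deleted whether or not the checks pass.
    $db->prepare('DELETE FROM login_tokens WHERE selector = ?')->execute([$selector]);
    $valid = hash_equals($row['token_hash'], hash('sha256', $token))
        && $row['ip'] === $ip                // the IP binding suggested in the thread
        && (int) $row['expires'] >= time();  // stale cookies stop working
    if (!$valid) {
        return null;
    }
    return [(int) $row['user_id'], issue_login_token($db, (int) $row['user_id'], $ip)];
}

// Constructed demo: user 42 logs in from 192.0.2.10 (documentation address).
$cookie = issue_login_token($db, 42, '192.0.2.10');
$first  = check_for_login_cookie($db, $cookie, '192.0.2.10');   // same address
$replay = check_for_login_cookie($db, $cookie, '192.0.2.10');   // old value again
$moved  = check_for_login_cookie($db, $first[1], '198.51.100.7'); // other address
var_dump($first !== null, $replay, $moved);
```

The IP comparison carries the limitation raised in the thread: a user who moves to another computer or network fails the check and has to log in with a password again.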


