[nycphp-talk] Experts help needed (Sessions)
David Mintz
dmintz at davidmintz.org
Wed Aug 3 09:34:58 EDT 2005
On Wed, 3 Aug 2005, Joseph Crawford wrote:
> Rolan,
>
> I have been trying to think of a method to use that wouldnt rely on the IP
> at all, however i cant base it on the user agent because how many people use
> IE and or FireFox? I cannot base it on the session id as that is what i am
> detecting someone hijacked and then i destroy the session. What else could i
> check? I guess i could use some javascript on the main page to grab some odd
> info from the user maybe something about thier hardware but i am not sure
> how that would go. I am sure Amazon, etc.. dont do that but yet they still
> secure thier sessions..... How?
Here's a possiblity you should look at (sorry if I'm repeating myself):
http://shiflett.org/code/http-developers-handbook/state_example.phps
http://shiflett.org/code/http-developers-handbook/session_example.phps
---
David Mintz
http://davidmintz.org/
More information about the talk
mailing list