[nycphp-talk] Chris Shiflett's Session Example
Joseph Crawford
codebowl at gmail.com
Wed Aug 3 11:55:26 EDT 2005
http://shiflett.org/code/http-developers-handbook/session_example.phps
Guys, I have a few questions about this.
Here is the snippet I am concerned with:
    # Make sure the user agent is correct
    $ua_should_be = urldecode($parsed_cookie['ua']);
    if ($_SERVER['HTTP_USER_AGENT'] != $ua_should_be)
    {
        $identity_validated = false;
    }
Does that seem redundant to anyone else? Why would you store a value in a
cookie (on the client's machine) and then use that to compare to PHP's
HTTP_USER_AGENT? Couldn't the client just edit the cookie to be the same?
Then once they go to the page it will see it as valid.
--
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
codebowl at gmail.com
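
The comparison asked about above, as an added example that is not part of the original post or of the linked script: an unsigned cookie value checked against the User-Agent header, next to the same check with a server-side HMAC over the cookie value. The function names, the secret and the sample user agent strings are assumptions constructed for illustration.

```php
<?php
// Added example; names and the secret are hypothetical, not from the linked script.
const SERVER_SECRET = 'constructed-demo-secret'; // assumption: known only to the server

// Unsigned form: the stored user agent is whatever the client sends back,
// so it can always be made to agree with the header from the same client.
function validate_unsigned(array $cookie, string $ua_header): bool
{
    return urldecode($cookie['ua'] ?? '') === $ua_header;
}

// Signed form: the server issues the encoded user agent plus an HMAC over it.
function issue_signed(string $ua): array
{
    $ua_enc = urlencode($ua);
    return ['ua' => $ua_enc, 'mac' => hash_hmac('sha256', $ua_enc, SERVER_SECRET)];
}

function validate_signed(array $cookie, string $ua_header): bool
{
    $expected = hash_hmac('sha256', $cookie['ua'] ?? '', SERVER_SECRET);
    if (!hash_equals($expected, $cookie['mac'] ?? '')) {
        return false; // cookie contents were changed after the server issued them
    }
    return urldecode($cookie['ua']) === $ua_header;
}

// Constructed sample data.
$issued_ua = 'Mozilla/5.0 (constructed browser A)';
$other_ua  = 'Mozilla/5.0 (constructed browser B)';

// Cookie value rewritten by the client to agree with its own header.
$edited_unsigned = ['ua' => urlencode($other_ua)];
var_dump(validate_unsigned($edited_unsigned, $other_ua));

// Cookie exactly as issued, presented with the user agent it was issued for.
$signed = issue_signed($issued_ua);
var_dump(validate_signed($signed, $issued_ua));

// Same cookie with only the 'ua' field rewritten; the MAC no longer matches.
$edited_signed = $signed;
$edited_signed['ua'] = urlencode($other_ua);
var_dump(validate_signed($edited_signed, $other_ua));
```

The HMAC only detects edits to the cookie; it does not tie the cookie to one browser, because the header it is compared against is still client-supplied.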