Re: [PHP] Cookie semi-security.

Thu, 25 Jan 2001 07:06:45 -0800 

Next stupid question:  How do you enable track_vars when you don't have
access to any configuration files?  Can it be done with an .htaccess or in
the script itself?

Also, if running Apache/php4/etc. on your home (windows 98 & 2000) computers
just for development purposes, if you go to http://localhost/etc and a
script attempts to set a cookie, will it work properly?  I'm having a lot of
trouble with getting cookies to appear at all before uploading, yet this
isn't happneing on my hosting account (unix/apache/php3).

----- Original Message -----
From: "Toby Butzon" <[EMAIL PROTECTED]>
To: "April" <[EMAIL PROTECTED]>; "PHP General" <[EMAIL PROTECTED]>
Sent: Wednesday, January 24, 2001 4:07 PM
Subject: Re: [PHP] Cookie semi-security.


> Enable track_vars in php's config and use
> $PHP_COOKIE_VARS['cookie_id'] to get the value of the
> cookie.
>
> --Toby
>
> ----- Original Message -----
> From: "April" <[EMAIL PROTECTED]>
> To: "PHP General" <[EMAIL PROTECTED]>
> Sent: Wednesday, January 24, 2001 5:06 PM
> Subject: [PHP] Cookie semi-security.
>
>
> > Stupid question, but I'm stumped.
> >
> > I'm passing a persons id through a cookie, then using that
> to determine if
> > they're allowed to be doing what they're trying to do
> (change listings,
> > etc.).  Right now, I'm getting the value of the cookie by
> just accessing
> > $cookie_id, without anything fancy. The problem is, if
> someoen just denies a
> > cookie and adds ?cookie_id=9 at the end, they might as
> well be the person
> > with an id of 9.   Is there a way for me to check and be
> sure that that
> > value came from a cookie, and not the url bar?
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> > To contact the list administrators, e-mail:
> [EMAIL PROTECTED]
> >
> >
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to