I sent a new session ID with the link to the new window like this :
<a href="?PHPSESSID=123456789" target="_blank">
but all it does is change the current session id to the new one, so if I go back to the main window, it carries the new session into it.
The reason I'm doing the access control through sessions is so that I don't have to pass any info in URL's and re-authenticate a user every time they hit a page. By saving that information locally in session variables, none of that info gets out, and no one can spoof it.
If I open a brand new window, it creates a new session ID for that window. I just can't seem to get it to create a new session ID when creating a popup window...
Any other ideas ?
Tim.
wrote:
--- Tim Traver <[EMAIL PROTECTED]> wrote: > As an administrator, you log in to the main application. session id's > keep track that you are authenticated, and who you are. > > In the application, you can get a list of the other users on the > system. From that user list, I want to be able to launch a new window > that logs you in as that user, while leaving your administrator window > alone.
Yeah, the method I mentioned will work for this.
You may also consider whether your access control can make this unnecessary. You can achieve this sort of thing in your programming logic. But, whatever makes you happy and works. :-)
Chris
===== Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly Coming mid-2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
