This comes up on the list again and again. Force the person to logout, so that the session is closed... check the posts in the past week for other suggestions.
Andrew ----- Original Message ----- From: "andy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 03, 2002 6:16 PM Subject: [PHP] closing a security hole on user accounts possible? - confirming accounts - history function > Hi there, > > is it possible to block hackers from stealing a session with the history > function of the browser? > > Example: > > A user registeres and recives a confirm e-mail. He confirms and does close > all browser windows. He leaves. > Another user comes to this computer opens the browser and the history and > clicks on the confirm link > > Boom!! He has the session and is able to do all the stuff the other one can. > > How could I close this security hole? Is there a work around? > > Thanx, > > Andy > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
