On Apr 7, 2004, at 10:17 AM, Robert Cummings wrote:
On Wed, 2004-04-07 at 09:56, inodes wrote:
> Hello,
>
> The PHP manual says it is the developer's job to ensure PHP sessions cannot
> be stolen or "fixed" (this is called Session Fixation).
>
> To minimise the risk of session fixation, I wrote a patch for PHP-4.3.5 (I
> can port it for the other
Hello,
sure the current user IS the session creator. It is based on client IP
addresses.
A legal user can have multiple IP addresses at the same time. This can
have several reasons...
for example
a) ISP did disconnect him in between clicks
b) he is using a proxy but for the https part of your