Re: [PHP] Best way to transfer session IDs

2003-07-26 Thread Matthew A. Blasinski
Chris Shiflett wrote: --- "Matthew A. Blasinski" <[EMAIL PROTECTED]> wrote: So, I'm thinking a plausible session id could be made by hashing their identification (to make it useful to the rightful owner only) with a private key (to make it hard to get and guess). I think the identification could b

Re: [PHP] Best way to transfer session IDs

2003-07-25 Thread Chris Shiflett
--- "Matthew A. Blasinski" <[EMAIL PROTECTED]> wrote: > So, I'm thinking a plausible session id could be made by hashing > their identification (to make it useful to the rightful owner > only) with a private key (to make it hard to get and guess). I > think the identification could be their IP, use

Re: [PHP] Best way to transfer session IDs

2003-07-25 Thread Curt Zirzow
* Thus wrote Matthew A. Blasinski ([EMAIL PROTECTED]): > Thanks for the response Chris, that's just the type of thing I was > looking for! > > So, I'm thinking a plausible session id could be made by hashing their > identification (to make it useful to the rightful owner only) with a > private

Re: [PHP] Best way to transfer session IDs

2003-07-25 Thread John W. Holmes
Matthew A. Blasinski wrote: I'm trying to track session data and merge several related services through a common server-side session (using Apache). One condition is that it won't use cookies to store the user data OR the session ID. Another is that the services we're merging use different lang

Re: [PHP] Best way to transfer session IDs

2003-07-25 Thread Matthew A. Blasinski
Thanks for the response Chris, that's just the type of thing I was looking for! So, I'm thinking a plausible session id could be made by hashing their identification (to make it useful to the rightful owner only) with a private key (to make it hard to get and guess). I think the identificatio

Re: [PHP] Best way to transfer session IDs

2003-07-25 Thread Chris Shiflett
--- "Matthew A. Blasinski" <[EMAIL PROTECTED]> wrote: > My question - what is the best way to "know" the session id between > pages? Posting it in the URL and using $_GET["PHPSESSID"] is one > solution, but this seems like a hassle and is also open to attack if > someone could "guess" a valid se

[PHP] Best way to transfer session IDs

2003-07-25 Thread Matthew A. Blasinski
Hi, I'm trying to track session data and merge several related services through a common server-side session (using Apache). One condition is that it won't use cookies to store the user data OR the session ID. Another is that the services we're merging use different languages, including PHP a