--- Hardik Doshi <[EMAIL PROTECTED]> wrote:
> I read your article about session security on php magazine as well
> as on php architect. Both are very nice articles.
Thank you. :-)
> I would like to ask you what is the reason you are not suggesting
> to use IP address as one of the parts in genera
> > Nice article by the way, and I am indeed already
> using those same
> > methods to secure the user session. (I use SHA1 on
> the IP, PHPSESSIONID,
> > user agent, and a secret...)
>
> Thanks for the kind words. I must point out that
> you'll never see me
> suggesting to use the IP address for
--- Tim Traver <[EMAIL PROTECTED]> wrote:
> what I meant by the session data getting stored locally is that it is
> local to the web server, not locally on the client browser.
I see. My apologies.
Perhaps we should both refrain from using locally and instead use server
and client to be clear. :-)
Chris,
ok, let me start over a little bit...
what I meant by the session data getting stored locally is that it is local
to the web server, not locally on the client browser. I understand how
session variables work. I just said local, and i was thinking
server...sorry about that...
what i mea
On 8 Mar 2004 Tim Traver wrote:
> I sent a new session ID with the link to the new window like this :
>
>
>
> but all it does is change the current session id to the new one, so if I go
> back to the main window, it carries the new session into it.
I think this is trickier than it sounds. Ca
--- Tim Traver <[EMAIL PROTECTED]> wrote:
> I sent a new session ID with the link to the new window like this :
>
>
>
> but all it does is change the current session id to the new one, so if
> I go back to the main window, it carries the new session into it.
Yeah, you're only using one browser,
hthat didn't work.
I sent a new session ID with the link to the new window like this :
but all it does is change the current session id to the new one, so if I go
back to the main window, it carries the new session into it.
The reason I'm doing the access control through sessions is s
--- Tim Traver <[EMAIL PROTECTED]> wrote:
> As an administrator, you log in to the main application. session id's
> keep track that you are authenticated, and who you are.
>
> In the application, you can get a list of the other users on the
> system. From that user list, I want to be able to launc
Chris,
ok, here's what the application is about.
As an administrator, you log in to the main application. session id's keep
track that you are authenticated, and who you are.
In the application, you can get a list of the other users on the system.
From that user list, I want to be able to laun
--- Tim Traver <[EMAIL PROTECTED]> wrote:
> What I want to be able to do is to open a new window from my
> application that has a new session, without disturbing the current
> session.
Can you elaborate on this a little? This approach seems very odd to me,
and I feel certain that it must be unnece
I quess you should start another session with another name
session_name("newApp");
session_start();
Vincent
-Original Message-
From: Tim Traver [mailto:[EMAIL PROTECTED]
Sent: dinsdag 9 maart 2004 0:01
To: Jason Davidson
Cc: [EMAIL PROTECTED]
Subject: Re: [PHP] new sess
Hthat would mean that anywhere I used sessions I would have to
specify a window name, right ?
and where do I determine the window name ?
not sure that would work with what I want to do...I just want to start a
new window like I would start it if I opened a fresh IE window. Each of
thos
could create an array to hold the same session?
This may not at all be what your looking for, but ive used something
similar to this when building a wizard class to handle storing states
in wizard steps.
like
$_SESSION['mySessions']['WindowOne'] = array($userid, $loginTime, $etc)
$_SESSION['mySes
Hi all,
I am programming an interface using PHP and rely on sessions to keep state.
What I want to be able to do is to open a new window from my application
that has a new session, without disturbing the current session.
I know that I can kill the current session and start a new one, but that's
From: "Golawala, Moiz M (IndSys, GE Interlogix)" <[EMAIL PROTECTED]>
> My problem is that I get a new Session Id with every
> request I send to the server. For that reason I am unable
> to share variables between pages using sessions. (I get a
> new session Id even I refresh the same page). The c
My problem is that I get a new Session Id with every request I send to the server. For
that reason I am unable to share variables between pages using sessions. (I get a new
session Id even I refresh the same page). The code below prints out different session
id for "page1.php" and "page2.php". C
What are the benefits of trusting any id provided by the user, when
creating a new session? Why should we allow users to create their own
session id, and maybe pass them around? Or being driven to some session
faked/created by someone else?
Can we control that a new session id has been effectivel
Is it possible that the PHP session features will accept as new any id
not generated by the webserver itself?
And where's the utility of that? Isn't it an enormous hole?
Gian
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Yes, always remember that unset() deletes the REFERENCE to the variable, not
the variable itself, so in the next page, when you session_start() again,
the reference is recreated to the still existing value.
So, session_unregister is fundamental to unregister the reference from the
session.
To de
> I somehow cannot unset Session variables. If I set for example
> $_SESSION["error"]="formcheck" (the new style) and I want to unset it
> at the end of the page (unset($_SESSION["error"])), it's there again on
> the next page.
>
> Is there a special way to unset the new Session variables?
Seen a
Hi,
I somehow cannot unset Session variables. If I set for example
$_SESSION["error"]="formcheck" (the new style) and I want to unset it at the
end of the page (unset($_SESSION["error"])), it's there again on the next
page.
Is there a special way to unset the new Session variables?
I am using W
Hello !
I want the user to have a chance to reset the session and get a new
session_id on one page.
I tried:
session_name("MyId");
session_register("MyId");
session_unregister("MyId");
session_register("MyId");
But it doesn't worked. session_destroy doesn't work, too.
What I want is, the PHP
22 matches
Mail list logo
