JH> are associated with a specific id. First, URLs carrying session ids. If
JH> you link to an external site, the URL including the session id might be
JH> stored in the external site's referrer logs. Second, a more active
JH> attacker might listen to your network traffic. If it is not encrypted,
J
On Jun 14, 2003, "Ryan A" claimed that:
|Hi,
|I have been reading up on the old discussions on this list as i was very
|busy for the past few daysand i saw a very intresting topic regarding
|sessions and security.
|
|I really didnt understand some of the things you guys wrote on "hi-jacking a
Thanks - I've only just joined the list so must have missed your previous
msgs. I'll give them a read later.
Thanks again.
Nick
-Original Message-
From: Chris Shiflett [mailto:[EMAIL PROTECTED]]
Sent: 23 January 2003 15:28
To: Clarkson, Nick; [EMAIL PROTECTED]
Subject
--- "Clarkson, Nick" <[EMAIL PROTECTED]> wrote:
> I am trying to find the best method for implementing
> sessions in PHP to track/limit users. However, the
> more I read, the more I am concerned about security.
> Can anyone give me a definitive answer as to the best
> method of tracking users with
Ah,
thanks a lot.
I will add my 2 cents in there then :)
Regards,
Duncan
Justin French wrote:
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you cou
Hi,
There's actually another thread on this topic at the moment... quick
summary:
1. you can't rely on the IP address
2. you can't rely on the referrer
It's been suggested on the list that you could record the user agent into
the session, and check against that -- keeping in mind that the user a
> Try looking at register_shutdown_function at
> http://www.php.net/manual/en/function.register-shutdown-function.php
>From the documentation:
"int register_shutdown_function (string func)
Registers the function named by func to be executed when script processing
is complete."
What qualifies a
7 matches
Mail list logo
