> 1.)
> I see from www.php.net , people said they will generate a Session ID by
> themselves
> srand((double)microtime()*100);
> $unique_str = md5(rand(0,999));
> why not to generate by ourself ?
> PHP will create itself .
Once upon a time, a long time ago, there was no built-in PHP sessi
o ic
check the IP to prevent .
But I have another Q .
1.)
I see from www.php.net , people said they will generate a Session ID by
themselves
srand((double)microtime()*100);
$unique_str = md5(rand(0,999));
why not to generate by ourself ?
PHP will create itself .
2.)
Will Session have pr
Bass??? pressed the little lettered thingies in this order...
> I have a Q.
> will the Session ID be stolen by hacker when the ID tranfer bewteen client
> and server ? Then can the hacker send the ID to server and veiw the user's
> page ?
>
Yes. That *can* happen to any non-encrypted transmiss
interesting question! I'm also interested in it, cause I read somwhere
that its possible to "kidnap" sessions...
"Bass???" <[EMAIL PROTECTED]> schrieb in im Newsbeitrag:
9gvt89$pi5$[EMAIL PROTECTED]
> I have a Q.
> will the Session ID be stolen by hacker when the ID tranfer bewteen client
> an
o:[EMAIL PROTECTED]]
> > Sent: Friday, June 22, 2001 5:09 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: [PHP] PHP authenticating and session management
> >
> >
> > I'm not quite sure if this is the perfect way cause I'm pretty new to
this
> > sessio
I have a Q.
will the Session ID be stolen by hacker when the ID tranfer bewteen client
and server ?
Then can the hacker send the ID to server and veiw the user's page ?
"Jason Stechschulte" <[EMAIL PROTECTED]> ?
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Fri, Jun 22, 2001 at 08:59:54A
Does this depend on cookies?
regards,
jaxon
> -Original Message-
> From: Style|warrioR [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 22, 2001 5:09 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PHP] PHP authenticating and session management
>
>
> I'm not quit
On Fri, Jun 22, 2001 at 08:59:54AM +0430, Arash Dejkam wrote:
> simply check $username and bring up the user's page ? but this makes it
> possible for any hacker to send a cookie with username and see that page. I
> know that PHP stores a unique random number for each session but how can I
> check
I'm not quite sure if this is the perfect way cause I'm pretty new to this
session stuff, too.
but my version looks like this:
[login.php]
a form with username and password field.
submit --> auth.php
[auth.php]
check if username and password are ok (from a text file or your mysql
database)
9 matches
Mail list logo
