Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-08 Thread Justin French
Nope, have no idea... I've just allways been told (and adhered to) the rule that you don't trust anything client side, which would include IP address'. Even if you could get it working for AOL, what about some other ISP located in Australia, South Africa, or anywhere else on the planet that you've

Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-08 Thread M1tch
Just out of curiosity, do you know if any part (e.g. x1.x2.x3.x4) of the IP remains static when AOL changes it? Even if it's only the first part, that's better than nothing. I'm having a headache now, because I'm already behind schedule, and this has just thrown a spanner in the works :( (but sti

Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-08 Thread M1tch
Ooooh, it's a lesson every day! Right, back to the drawing board :( "Justin French" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote: > > > Why not just use IP? > > I created a nice system, whereby if your IP

Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-07 Thread Justin French
on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote: > Why not just use IP? > I created a nice system, whereby if your IP is changed (or someone is > hacking your session), the session is destroyed, and the user must log in. > Does not add much overhead either. large ISPs like AOL use variable

Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-07 Thread M1tch
Does it change the IP address while the user is connected? I didn't think that was possible... I only use sessions to store username/password and other limited variables, it's only if they log off and back in again that's they have to log out, and separate cookies automatically handle the login th

Re: [PHP] Re: Proposal for securing PHP sessions

2002-09-07 Thread Philip J. Newman
Sent: Sunday, September 08, 2002 8:34 AM Subject: RE: [PHP] Re: Proposal for securing PHP sessions > You're going to be shutting out a lot of AOL users (bah! who needs em! ;p) > if you do that, as AOL changes a user's IP address about as often as you > read the word "the&qu

RE: [PHP] Re: Proposal for securing PHP sessions

2002-09-07 Thread Dave at Sinewaves.net
You're going to be shutting out a lot of AOL users (bah! who needs em! ;p) if you do that, as AOL changes a user's IP address about as often as you read the word "the"... Dave -Original Message- From: M1tch [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 07, 2002 12:05 PM To: [EMAI