Re: [PHP] Session Theft

2003-03-29 Thread Beauford.2002
uot;Beauford.2002" <[EMAIL PROTECTED]> Sent: Saturday, March 29, 2003 10:04 PM Subject: Re: [PHP] Session Theft > the session is created such that a file is created that (the file contains > all the variables for that perticular user) referenced by the session id. > now cons

Re: [PHP] Session Theft

2003-03-28 Thread Beauford.2002
Can someone explain how this works as I am in the process of doing a login/authentication page and want to make it as secure as possible B. - Original Message - From: "Haseeb Iqbal" <[EMAIL PROTECTED]> To: "PHP General list" <[EMAIL PROTECTED]> Sent: Friday, March 28, 2003 11:48 PM Su

Re: [PHP] Session Theft

2003-03-28 Thread Marek Kilimajer
You can give the users the oportunity to turn ip check on (a checkbox in the login form). There is also a header that is set by many proxies to the ip address of the client, but I don't remember its name (maybe (X-)Forwarded-For) Haseeb Iqbal wrote: i just want to figure out a way by which i c

Re: [PHP] Session Theft

2003-03-28 Thread CPT John W. Holmes
> i just want to figure out a way by which i can stop session theft.i thought > if i can get something from user end that is unique for that user.for e.g. > his/her IP .but it will not work when they are behind firewall.they will be > assigned same IP.is there a way for me to get the IP (e.g.202.20

Re: [PHP] Session Theft

2003-03-28 Thread Jim Lucas
check into forcing the use of trans_sid Jim - Original Message - From: "Haseeb Iqbal" <[EMAIL PROTECTED]> To: "PHP General list" <[EMAIL PROTECTED]> Sent: Friday, March 28, 2003 8:48 PM Subject: [PHP] Session Theft > i just want to figure out a way by which i can stop session theft.i tho

Re: [PHP] Session Theft

2003-03-28 Thread Larry E. Ullman
i just want to figure out a way by which i can stop session theft.i thought if i can get something from user end that is unique for that user.for e.g. his/her IP .but it will not work when they are behind firewall.they will be assigned same IP.is there a way for me to get the IP (e.g.202.202.20

RE: [PHP] Session Theft

2003-03-28 Thread Jon Haworth
Hi Haseeb, > if i can get something from user end that is unique > for that user.for e.g. his/her IP . Firstly, an IP address can be shared between multiple users, or it can change constantly for one user. Here's what a page request from an AOL user looks like (I've snipped the request paths, b