no offense for anyone at all. I was just wondering myself and threw it in
the group discussion.
Eelco.
> I never wanted this question to be an offense for anyone. I thank you all
> for your answers.
>
> Regards
> PHPLover
>
> Lux <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMA
I never wanted this question to be an offense for anyone. I thank you all
for your answers.
Regards
PHPLover
Lux <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> It's unlikely I suppose, but there's a must-have book you should look at
> if you want info on hack
It's unlikely I suppose, but there's a must-have book you should look at
if you want info on hacks, including browser hacks (Hacking Exposed:
Network Security Secrets and Solutions, 2nd Edition). The cookie hack
that comes to mind only works in IE or MS products (but that's only
what, 90% of
> > In case of login/password required sites, I use the login and
> password as
> > cookie values and have _no_ expiredate set. Every time a request is made
> > _both_ cookie values (login and password) are checked with that on the
> > server.
>
> I would hope that you are not storing and matching
Eelco de Vries wrote:
> This will store a cookie with a userid and an unique number ($token) as
> session-id (??).
> If I'm not mistaken, this session-id is not checked here. Thus serves no
> purose. Anybody who retrieve the cookie from the cookie file on the system
> can use it to resume the ses
This will store a cookie with a userid and an unique number ($token) as
session-id (??).
If I'm not mistaken, this session-id is not checked here. Thus serves no
purose. Anybody who retrieve the cookie from the cookie file on the system
can use it to resume the session (if done within the set 360
Try this:
// Set Cookie if not already set
if (!isset($user_id)) {
$token = md5(uniqid(rand()));
setcookie("user_id", $token, time()+3600,"/",".yourdomain.com");
}
look at the setcookie function on php.net to figure out all the parameters:
http://www.php.net/manual/en/function.setcookie.ph
7 matches
Mail list logo
