Re: [Phplib-users] Sessions where are we going??
From: Giancarlo <gia...@na...> - 2002-07-01 12:32:23
> > Donncha O Caoimh wrote:
> > > Take a look at this site, which I linked to from my howto last week, it ...
> > > Basically, each vhost gets its own directory, and even session name.

But php4 session_name counts nothing. If siteA and siteB store in the same dir, /tmp, a session created by siteA with the URL http://www.siteA.com/i?PHPSESSID=foo can be accessed by siteB, whose session name is 'Peppino', with: http://www.siteB.com/?Peppino=foo because 'PHPSESSID' or 'Peppino' count nothing, in PHP4 session parlance.

> > But any other vhost can run a php script that browses there
>
> I know, but they can also run a php script that can access the database and
> read the session data from the db. I honestly think there's only so much

Normally every vhost has its db with its passwords... of course, the other site can have a script that displays as txt the local.inc of the other site, where the pass is written..

Gian
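Added example, not part of the original message: a small audit that groups Apache vhosts by the directory their PHP file sessions land in, flagging the case described above where two sites share one directory even though their session names differ. The sample configuration, the function names, and the `/tmp` default are assumptions made for illustration.

```python
import re
from collections import defaultdict

DEFAULT_SAVE_PATH = "/tmp"  # assumption: server-wide default when a vhost sets nothing

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.siteA.com
    php_value session.name PHPSESSID
</VirtualHost>
<VirtualHost *:80>
    ServerName www.siteB.com
    php_value session.name Peppino
</VirtualHost>
<VirtualHost *:80>
    ServerName www.siteC.com
    php_admin_value session.save_path /var/www/siteC/sessions
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)
PATH_RE = re.compile(
    r"^\s*php_(?:admin_)?value\s+session\.save_path\s+\"?([^\"\s]+)", re.M | re.I)

def session_dirs(conf, default=DEFAULT_SAVE_PATH):
    """Map each session directory to the vhosts that store sessions in it."""
    dirs = defaultdict(list)
    for body in VHOST_RE.findall(conf):
        name = NAME_RE.search(body)
        path = PATH_RE.search(body)
        # save_path may carry a "N;" depth prefix; keep only the directory part.
        directory = path.group(1).split(";")[-1].rstrip("/") if path else default
        dirs[directory or "/"].append(name.group(1) if name else "(unnamed)")
    return dict(dirs)

def shared_session_dirs(conf, default=DEFAULT_SAVE_PATH):
    """Directories used by several vhosts: a session ID from one works on the others."""
    return {d: sorted(v) for d, v in session_dirs(conf, default).items() if len(v) > 1}

if __name__ == "__main__":
    for d, hosts in shared_session_dirs(SAMPLE_CONF).items():
        print(f"{d}: shared by {', '.join(hosts)}")
```

A differing `session.name` does not remove a vhost from the shared group; only a distinct `session.save_path` does.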