Re: Rp.: Re: [Phplib-users] Sessions where are we going??
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: Rp.: Re: [Phplib-users] Sessions where are we going??
|
From: Donncha O C. <don...@tr...> - 2002-07-02 08:59:43
|
I explained my idea to John here at work and he said much the same thing.= In=20 that case we put a timer in there and update the key every X=20 seconds/minutes/hours or something. I just did a little experiment. I reloaded a page that uses php4 sessions= =20 through phplib and did an ls -l /tmp to see if the session file was updat= ed.=20 The file was, so it doesn't matter how often you update the key, the sess= ion=20 file is written out (either that or the file is touched by php4.. can any= one=20 shed any light on that?)=20 Next thing is to put those session files on a ram drive :) I think it's probably an idea worth looking at, does anyone else=20 agree/disagree/care? Donncha. On Monday 01 July 2002 17:48, Giancarlo wrote: > Donncha O Caoimh <don...@tr...> a =E9crit le 1/7/= 02=20 14:23: > >Just a thought for an extra > >layer of protection for the > >user: > >The first time the user visits > >the site we set a cookie on > >their browser with > >some very random number > >as the key. Store the value > >of the key in the > >session. > >Each time after that modify > >the key, set the cookie, and > >store it in the > >session. > > That would be heavy on the server. Imagine a multi-frame where each tri= es > to lock&write in very rapid sequence... Maybe ok for terminal like > screens, tellers, mono thread slow stuff. |
