[Phplib-users] Sessions where are we going??
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-users] Sessions where are we going??
|
From: Donncha O C. <don...@tr...> - 2002-07-02 16:02:59
|
I'm afraid I'm not familiar enough with PHP4 sessions to even give a=20 reasonable answer to your first query (how to create new IDs?) Banging my own drum again.. my cookie idea would be less intrusive than=20 opening a new session and should provide as much protection as having a=20 second session open. That's my thoughts on it anyway, I just want someone= to=20 slam the idea down and explain why it's a bad idea so I can start figurin= g=20 out another fix.. anyone with cvs access read this list anymore? Donncha. On Tuesday 02 July 2002 15:23, Giancarlo wrote: > Donncha O Caoimh <don...@tr...> a =E9crit le 2/7/= 02=20 9:59: > >I explained my idea to John > >here at work and he said > >much the same thing. In > >that case we put a timer in > >there and update the key > >every X > >seconds/minutes/hours or > >something. > > It is already damn difficult to have people accept the idea of using a = new > session after auth, only once... And BTW, did you discover a way to hav= e > PHP4 issue a new id when one already exists? This is the basis for both= the > new changes I'd port to session4: block_alien_sid creation and clone se= ss > on authenticated (and I'd add a config to have a cookie_or_noway mode > 'only' after authentication) > > As maybe you know, I don't have 'write access' to cvs anymore, I am > declaratedly lobbying. > > Gian |
