RE: [Phplib-users] Re: latest snapshot
From: Rob H. <rob...@ws...> - 2002-11-05 12:50:30
Can't you shift modes now by having two sessions, one with get, one with only cookies, and two auths in local.inc?

BTW, why would you use get in the first place unless the browser is not accepting cookies? If that is the case, then you can't use cookies anyway?

Thanks,
Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Giancarlo
> Sent: Tuesday, November 05, 2002 3:13 AM
> To: Marko Kaening; Joe Stewart
> Cc: phplib-users list
> Subject: Re: [Phplib-users] Re: latest snapshot
>
>
> I particularly like the fact that snapshot is compatible with the
> traditional session.inc.
> As we were speaking about credit card etc, I'd like to mention that in
> using any authentication, the control over the session propagation
> becomes vital to security, and php4 offers zero control on that. I am
> sure that session.inc could acquire some speed by the builtin
> serializations for the data representation, and the save handlers could
> be quick, but I'd like a more controlled propagation in general.
> One of the things I think everyone really needs is the possibility to
> shift from a less secure get/trans-sid propagation method, to a more
> secure only_cookies propagation, reissuing a new session of the latter
> type and migrating all the old session values in it. This means that
> once authed you get a new session, possibly of the stronger type.
> Because the fact that anyone can be driven into 'get' mode and accept any
> users-choice-unpredictable sid...
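
The reissue-on-login idea from the quoted message, as an added example that is not part of the thread and is not PHPLIB code. It uses PHP's built-in session functions rather than session.inc; `promote_session_on_login()`, `sid_in_url()`, the `uid` key and HTTPS delivery are assumptions made for the illustration.

```php
<?php
// Added example (not from the thread, not PHPLIB). Helper names are hypothetical.

// Cookie-only propagation: the session id is never read from or written to URLs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// Strict mode: an id the server did not issue is discarded and replaced,
// so a caller-chosen sid is never adopted.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_secure', '1'); // assumption: site is served over HTTPS

session_start();

// True when the request tries to pass a session id in the query string or
// POST body. With the settings above PHP ignores it, but it is worth logging.
function sid_in_url(): bool
{
    $name = session_name();
    return isset($_GET[$name]) || isset($_POST[$name]);
}

// Call once the credentials have been verified. The pre-login id is retired
// and every value already in $_SESSION is carried over to the new id.
function promote_session_on_login(string $userId): void
{
    // true = delete the old session's storage, so the old id is dead.
    if (!session_regenerate_id(true)) {
        throw new RuntimeException('could not reissue session id');
    }
    $_SESSION['uid'] = $userId;
    $_SESSION['authenticated_at'] = time();
}

// Gate for protected pages: only a session that went through the
// post-login reissue carries 'uid'.
function require_login(): string
{
    if (sid_in_url()) {
        error_log('session id supplied outside cookie from ' . $_SERVER['REMOTE_ADDR']);
    }
    if (empty($_SESSION['uid'])) {
        http_response_code(401);
        exit('login required');
    }
    return $_SESSION['uid'];
}
```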