Re: [Phplib-users] Re: latest snapshot
From: Giancarlo <gia...@na...> - 2002-11-05 18:48:40
At 13:52 on Tuesday, 5 November 2002, Rob Hutton wrote:

> Can't you shift modes now by having two sessions, one with get, one with
> only cookies, and two auths in local.inc?
> BTW, why would you use get in
> the first place unless the browser is not accepting cookies. If that is
> the case, then you can't use cookies anyway?

With php4 you can force get mode and an id of your own choice by simply opening a URL with a sid of your choice in it. It must not already be a cookie at your browser.

And php4 doesn't really tell me when this session is a just-newly-issued one or a preexisting one. I can never be sure when my session is fresh, uninitialized.

If you want to block anything (e.g. registration submission) by requiring that the client has previously obtained a session from you, you can't.

And with php4 I couldn't manage to reissue a second session after a first one.

If you want to ignore sessions provided in the URL that were not previously issued by yourself, you can't. There can exist sharable sessions; the user can choose his 'unpredictable' session id. A cookie-enabled client, but virgin on our cookies, can be forced into accepting any sid from the URL get method.

I want to open up public access as much as possible, to anyone with or without cookies. But for the authed access I want to have a stricter policy.

Gian
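The policy asked for in the message above (know whether a session is fresh, ignore ids the server never issued, cookie-only for the authed area), sketched as an added example that is not part of the original post and is not PHPLIB code. It assumes PHP 5.5.2 or later, where `session.use_strict_mode` exists (it did not in the PHP 4 discussed in the thread); the function names and the `_issued_at` key are hypothetical.

```php
<?php
// Added example; not PHPLIB code. Function names and ISSUED_KEY are hypothetical.
const ISSUED_KEY = '_issued_at';

/** Starts the session; returns true when the session was issued on this request. */
function start_session(bool $authArea): bool
{
    // Ignore ids the server never issued: an unknown id is replaced by a fresh one.
    ini_set('session.use_strict_mode', '1');
    if ($authArea) {
        // Stricter policy for the authed area: the id travels in a cookie only.
        ini_set('session.use_only_cookies', '1');
        ini_set('session.use_trans_sid', '0');
    }
    session_start();

    // The marker is written server-side, so its absence means "fresh, uninitialized".
    $fresh = !isset($_SESSION[ISSUED_KEY]);
    if ($fresh) {
        $_SESSION[ISSUED_KEY] = time();
    }
    return $fresh;
}

/** Call after credentials are verified, so a pre-login id is never promoted. */
function promote_to_authenticated(string $user): void
{
    session_regenerate_id(true);   // issue a new id and delete the old session data
    $_SESSION['user'] = $user;
}

// Registration handler: require a session obtained on an earlier request.
$fresh = start_session(false);
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && $fresh) {
    http_response_code(403);
    exit('Load the form first.');
}
```

In the public area the transport (cookie or URL) is left as configured; only the authed area forces cookies.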