Re: [Phplib-users] Re: latest snapshot
From: Giancarlo <gia...@na...> - 2002-11-07 08:10:37
On Thursday 7 November 2002 at 05:44, Richard Archer wrote:
> At 23:29 -0500 6/11/02, Rob Hutton wrote:
> >Interesting idea about changing the session ID.

Yes, because if anyone did know, or suggest to us, a known session id to enter an unauthed session, once we are authed that sid is discarded, so the 'knowing suggestor' cannot follow us there.

And when we reissue the session, this would be the right moment for changing the session type if we want, let's say from a file module, to a custom db_module, so once logged in our session sits more secure in the db.

This would be a good compromise between speed and open access (everyone can use the session features, even with cookies disabled, full speed because php4 native), and once logged in things get more tight, at a slight performance cost, but maximum safety
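The reissue-on-login scheme discussed in the message above, as an added language-neutral model that is not part of the original post and is not PHPLIB or PHP session code. The `SessionManager` class, its two dict-backed stores and the sample session id are constructed for illustration.

```python
import secrets


class SessionManager:
    """Anonymous sessions live in a fast store; on login the session is
    reissued under a fresh id in a stricter store (both are plain dicts here)."""

    def __init__(self):
        self.file_store = {}  # stands in for the native file-based module
        self.db_store = {}    # stands in for a custom database module

    def open_session(self, sid=None):
        # As with URL-carried ids when cookies are disabled, an unknown id
        # supplied by the client is adopted, so a third party can know it.
        if sid in self.db_store or sid in self.file_store:
            return sid
        sid = sid or secrets.token_hex(16)
        self.file_store[sid] = {"auth": False}
        return sid

    def login(self, old_sid, user):
        # Reissue: drop the pre-login id and move the data to the stricter
        # store under a new random id that was never sent before login.
        # Carrying pre-login data over is an assumption of this model.
        data = self.file_store.pop(old_sid, {})
        data.update(auth=True, user=user)
        new_sid = secrets.token_hex(16)
        self.db_store[new_sid] = data
        return new_sid

    def lookup(self, sid):
        return self.db_store.get(sid) or self.file_store.get(sid)


def demo():
    mgr = SessionManager()
    planted = "known-sid-constructed"       # id known to someone else
    sid = mgr.open_session(planted)         # user arrives carrying that id
    mgr.file_store[sid]["cart"] = ["item"]  # some pre-login state
    new_sid = mgr.login(sid, "alice")
    return {
        "planted_after_login": mgr.lookup(planted),
        "new_session": mgr.lookup(new_sid),
        "rotated": new_sid != planted,
    }


if __name__ == "__main__":
    print(demo())
```

Presenting the old id again after login only opens a new unauthenticated session in the fast store; the authenticated data is reachable solely through the reissued id.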