RE: [Phplib-users] Re: latest snapshot (fwd)
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
RE: [Phplib-users] Re: latest snapshot (fwd)
|
From: Marko K. <M.K...@os...> - 2002-11-07 09:29:02
|
Looks like previous post got lost. otherwise ignore this. ;)
> start session
> if ($_COOKIE['sesscheck'] != $_SESSION['sesscheck'] {
> //bomb out because we are being hijacked.
> }
> $sesscheck = md5(uniqid(rand(),1));
> set_cookie($sesscheck)
> $sess->register('sesscheck');
>
> This would have a similar effect to changing the session id every time!!!!
Looks nice!
But what happens if you're working with frames?!?
Up to now it's possible to work with frames, though it's not very handy.
You just use page_close() in only one frame. But with this scheme you
could will run into severe problems, since at the end of the page the
session wouldn't become saved, although the cookie would be saved already.
Perhaps it would be wiser to issue the set_cookie only in page_close!
Marko
|
