Re: [Phplib-users] store the IP in the session
From: Marko K. <M.K...@os...> - 2002-12-04 16:16:07
Hi Kristian,

good to see that you are still watching your baby phplib! :)

> increment $sess->seq in page_open() as soon as you instantiated

wahhh, and this would also cause problems in frame-based sites which have pages which do not call page_close() at the end. We once had a discussion about this. That would require shifting the generation of the new hash into page_close instead, being less secure again...

I'd also support SSL instead; that would make it much easier phplib-wise. All these concerns about securing the session would be handed over to the SSL part. But on the other hand one knows that one could break into SSL as well... There was another thread about this some weeks ago. But probably one could never make phplib sessioning as secure as SSL is right from the start... I guess.

Why not finish all these IP discussions then? Let's simply trigger the user to use SSL for safer sessions, which is fairly easy to do if you've got your own secure apache running.

These auth things seem to be quite settled already. Shouldn't we focus more now on a new phplib4 cvs release which could be based on the snapshot on sf and deploy that in a user-friendly manner?

Marko