RE: [Phplib-users] store the IP in the session
From: Rob H. <rob...@ws...> - 2002-12-04 22:51:47
Connections are transient, so there is no way of knowing when the browser
closed. This is the reason for timeout on auth and session. They become
invalid after X time.

Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Matt Williams
> Sent: Wednesday, December 04, 2002 2:31 PM
> To: phplib-users list
> Subject: Re: [Phplib-users] store the IP in the session
>
> On Wednesday 04 December 2002 18:16, Giancarlo wrote:
> > > Why not to finish all these IP discussions then? Let's simply trigger the
> > > user to use SSL for safer sessions, which is fairly easy to do if you've
> >
> > Excuse me, but if I propose you to click on a link as
> > https://phplib.sourceforge.net/showoff.php3?PHPSESSID=1
> >
> > you click on it, you login, you place it in your bookmarks, can't I
> > steal it afterwards, forever and ever, as long as you use that bookmark?
> >
> > The typical illiterate snooper exploit is just this.
>
> But that would be user error. If someone was stupid enough to do that maybe
> they deserve whatever happens to them
>
> Excuse my ignorance on this but wouldn't a way round it to use per session
> er.. sessions. So as soon as the browser closed the session ended. Assuming
> of course that all reference to the session was removed from wherever it was
> stored on the server.
>
> matt
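
The three points raised in this thread (a session ID carried in a URL, a cookie that ends with the browser, and a server-side timeout because the server never sees the browser close) combined in one page prologue. This is an added example, not code from the thread or from PHPLIB: it uses PHP's native session functions rather than PHPLIB's classes, and the function names and timeout values are assumptions.

```php
<?php
// Added example; not PHPLIB code. Timeout values are assumptions.
const IDLE_TIMEOUT      = 900;    // seconds of inactivity allowed
const ABSOLUTE_LIFETIME = 28800;  // hard cap on session age, in seconds

// Pure check, so the policy can be exercised without a live session.
function session_is_expired(array $s, int $now): bool
{
    if ($s === []) {
        return false;             // brand-new session, nothing to expire
    }
    if (!isset($s['created'], $s['last_seen'])) {
        return true;              // data of unknown age: fail closed
    }
    return ($now - $s['last_seen']) > IDLE_TIMEOUT
        || ($now - $s['created'])   > ABSOLUTE_LIFETIME;
}

// Call at the top of every page, before any output is sent.
function start_guarded_session(): void
{
    ini_set('session.use_only_cookies', '1'); // ignore ?PHPSESSID=... in URLs
    ini_set('session.use_trans_sid', '0');    // never write the ID into links
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue
    ini_set('session.cookie_lifetime', '0');  // cookie is dropped when the browser closes
    session_start();

    $now = time();
    if (session_is_expired($_SESSION, $now)) {
        session_unset();                      // forget the stale login state
        session_regenerate_id(true);          // new ID; old server-side record deleted
    }
    $_SESSION['created']   = $_SESSION['created'] ?? $now;
    $_SESSION['last_seen'] = $now;
}

// Call once the credential check has succeeded.
function on_login(string $user): void
{
    session_regenerate_id(true);              // the pre-login ID stops being valid
    $_SESSION['user']      = $user;
    $_SESSION['created']   = time();
    $_SESSION['last_seen'] = time();
}
```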