From: Jason O. <ze...@ze...> - 2001-03-15 22:32:51
Even if the user decided to post a serialized version of $user, then the session would overwrite that variable.

On Thu, 15 Mar 2001, Oskar wrote:

> No, if I'm getting it right, sessions in PHP are made
> the same way as sessions in all other tools, that means
> only unique session ID is sent between pages.
> Variables registered into session are serialized and stored but
> they are stored at the server side.
> When you are accessing page and calling session_start(),
> session ID is checked (taken either from cookie or URL rewriting),
> next local store is searched for proper file (or database entry) and
> all variables are recreated from that store. None of registered
> variables is sent through HTTP.
>
>
> Oskar
>
> On Tue 13. March 2001 18:58, you wrote:
> > I'm looking in ./prometheus/db/User_Db/User.object and I wonder about the
> > fact that the user object has a member variable of 'password'.
> >
> > I am very new to PHP, so I hope someone can explain this to me gently:
> >
> > If in PHP4 I were to session_start() and session_register() a user object,
> > would the user object be serialized and passed via POST to the next page in
> > the clear?
> > If so, could a Prometheus user compromise his website by registering a user
> > object?
> >
> > I don't really understand sessions in PHP4 that well.
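
The session behaviour discussed in this thread, as an added example that is not part of the original messages and is not Prometheus code. It uses $_SESSION because session_register() no longer exists in current PHP; the User class, the names and the values are constructed for illustration, and the default "files" save handler is assumed.

```php
<?php
// Added illustration; the User class and all values are constructed samples.
class User {
    public $name;
    public $password;
    function __construct($name, $password) {
        $this->name = $name;
        $this->password = $password;
    }
}

// Assumes the default "files" save handler; use a private directory for the demo.
ini_set('session.save_handler', 'files');
$dir = sys_get_temp_dir() . '/sess_demo_' . getmypid();
mkdir($dir, 0700);
session_save_path($dir);
$out = array();   // collect output; printing before session calls would block them

// Request 1: register a user object in the session.
session_start();
$_SESSION['user'] = new User('alice', 'constructed-sample-secret');
$id = session_id();
session_write_close();            // serializes $_SESSION into the server-side store

// The client only ever receives the session name and ID.
$out[] = 'Sent to client : ' . session_name() . '=' . $id;
// The server-side file holds the serialized object, password member included.
$out[] = 'Kept on server : ' . file_get_contents("$dir/sess_$id");

// Request 2: the client returns the same ID and also posts its own "user".
$_SESSION = array();              // forget request 1's in-memory copy
$_POST['user'] = serialize(new User('mallory', 'x'));   // constructed input
session_id($id);
session_start();                  // variables are recreated from the store
// The value comes from the server-side store, not from the POST body.
$out[] = 'Session user   : ' . $_SESSION['user']->name;
session_destroy();                // removes the session file
rmdir($dir);

echo implode("\n", $out), "\n";
```

Run it with the php command-line binary. The "Kept on server" line shows that the password member is written to the session store, so access to that store needs the same protection as the password itself.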