From: <pa...@sq...> - 2000-08-15 12:57:31
|
[Lewis Bergman] > > But the way I understand this, the authentication cookie would change every > > time the user request a page, making it hard to fake a request. > > The addition of get_env(REMOTE_ADDR) would make it almost impossible to > hijack a session. Like Pallo said, some config would be needed for proxy > stuff. Also, I notice another server generated random variablen -> > UNIQUE_ID, Could this be used for these purposes? It changes each time a > request is made. I don't know if it comes from PHP or apache but it is > listed in phpinfo(). It is generated by Apache, but only if you have compiled the unique_id module so you shouldn't assume that it's there (off by default). -- Pål Løberg Initio IT-løsninger AS pallo[at]initio.no http://www.initio.no/ |