Posted by l3vi501 on 07/04/06 17:50
dimo414 wrote:
> Beyond that, if you modify your php.ini
> script, session control can be in the URL, for those who don't allow
> cookies.

I think it is good to note that many forum scripts used url sessions
for a while and found out that it turned into a problem when the user
followed a url on the forums to another site.
Anyone that had access to the referral logs on the other site could
follow the url back with the session id in the url and start posting as
the other user as long as the session was still active.
If one does follow this route, you will not want to provide any
outgoing urls to other sites. I have also seen strange stuff from other
sites that use this and they never had a link to my site, but from what
I can tell the user typed in my url and their browser decided to tell
my site that the other site referred them to my site with the session
in the url. Go figure!

ctclibby wrote:
> Out of curiosity I looked at some of
> the ones that exist on my box and found that some wouldn't expire until
> 2059 ( hmmm, wonder if I will still be breathing? 100+ YO )

Hehe.. By then you just may hold the world record for using a computer
longer than anyone expected, as well as having one slow load time to
the current amount of data that will be used by then. But by then if
you don't already have one foot in the grave you probably won't notice
as you probably will be slower than your computer. LOL
Some IE browsers are known to treat cookies that don't expire for a
long period of time as a session. Very annoying if you can't figure out why
your cookies keep on being dropped when a user closes their browser,
then returns the next day and keeps complaining that your site is
broken.
Ctclibby is 100% right, it is best to think about what you are trying
to accomplish, as well as what type of data you will be providing or
storing and the security you will need or want to keep things running
smoothly.
One of the problems I had when I was a newbie was building scripts that
ran at the current traffic level, and I did not think of the future
traffic and expense/revenue levels that I would need to keep the site
running smoothly. When the site(s) started to get thousands/millions
of users a day I found out very quickly that I had to go back and rip
the bastard scripts out and do it over or upgrade the server to handle
the load, which just ran me more money and time. It is always best to
spend more time planning your scripts to run under heavy load, and more
security with just the right amount of room for expansion. But all
that's a little bit off for session based scripts, not a lot of work
being done there, but something to think about as you put it together!
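An added example, not part of the original post: a small audit for the URL-session problem described above. It checks php.ini text for the directives that let a session ID travel in the URL and lists requests in your own access log that already expose one. The function names and the sample ini and log lines are constructed for illustration.

```python
import re

# Defaults of current PHP releases. Assumption: older releases shipped
# session.use_only_cookies = 0, so an empty php.ini was not safe there.
DEFAULTS = {"session.use_cookies": "1", "session.use_only_cookies": "1",
            "session.use_trans_sid": "0"}
TRUE = {"1", "on", "yes", "true"}

def parse_ini(text):
    """Return session.* directives found in php.ini text, over DEFAULTS."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ; comments
        if "=" not in line or line.startswith("["):   # skip blanks, [sections]
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("session."):
            conf[key] = value.strip('"')
    return conf

def audit(text):
    """List settings that let a session ID travel in the URL."""
    conf, findings = parse_ini(text), []
    def on(key):
        return conf[key].lower() in TRUE
    if on("session.use_trans_sid"):
        findings.append("use_trans_sid on: PHP rewrites links to carry the ID")
    if not on("session.use_only_cookies"):
        findings.append("use_only_cookies off: an ID in the URL is accepted")
    if not on("session.use_cookies"):
        findings.append("use_cookies off: cookies cannot carry the ID")
    return findings

def urls_with_session_id(log_lines, name="PHPSESSID"):
    """Return request paths in access-log lines that expose the session ID."""
    pat = re.compile(r'"(?:GET|POST) (\S*[?&]' + re.escape(name) + r'=\S+) HTTP')
    return [m.group(1) for line in log_lines if (m := pat.search(line))]

# Constructed sample input (not from the original post).
WEAK_INI = "[Session]\nsession.use_only_cookies = 0 ; weak\nsession.use_trans_sid = 1\n"
HARDENED_INI = "[Session]\nsession.use_only_cookies = 1\nsession.use_trans_sid = 0\n"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /forum/view.php?t=5&PHPSESSID=constructed123 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit(ini))
    print(urls_with_session_id(SAMPLE_LOG))
```

Any path this returns is a URL that a browser may pass on in the Referer header when the user follows an outgoing link from that page.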