Posted by fletch on 10/10/06 09:18
On Oct 10, 7:31 am, ".:[ ikciu ]:." <n...@mail.com> wrote:
> Hmm Uzytkownik <jody.mic...@gmail.com> wrote:
> > prepend.php might look like this:
>
> > <?php
>
> > session_start();
> > if(empty($_SESSION))
> > {
> > // it's a new session, do your thing
> > }
>
> This is the wrong solution, because someone can send the session ID to another person and they will
> work on the same session. The only solution: use a login and password, then don't
> allow multiple logins on the same account.
This only applies if the session is being used to do something
important of course. Stealing a session may not be dangerous if all it
is used for is, for example, keeping a list of read news group
articles. Also this method has problems in terms of coping with users
who do not log out. You have to build some kind of automatic log out.
I've seen systems like this and they can be a bugger to work with.
I would suggest linking the session to the IP if you're feeling
paranoid.
fletch
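
An added example, not part of fletch's post or the quoted prepend.php: one way to combine the two ideas raised above, tying the session to the client IP and logging out idle sessions automatically. The function names, the `ip` and `last_seen` session keys and the 15-minute limit are assumptions made for the illustration.

```php
<?php
// Added example; names, keys and the timeout value are assumptions.
const IDLE_LIMIT = 900; // seconds of inactivity before automatic log out

/**
 * Classify a session without touching global state.
 * Returns 'new', 'ok', 'ip_mismatch' or 'expired'.
 */
function check_session(array $session, string $ip, int $now): string
{
    if (empty($session)) {
        return 'new';                       // nothing stored yet
    }
    if (!isset($session['ip'], $session['last_seen'])
        || !hash_equals((string) $session['ip'], $ip)) {
        return 'ip_mismatch';               // session ID presented from another address
    }
    if ($now - (int) $session['last_seen'] > IDLE_LIMIT) {
        return 'expired';                   // user never logged out; time them out
    }
    return 'ok';
}

function guard_session(): string
{
    session_start();
    $ip    = $_SERVER['REMOTE_ADDR'] ?? '';
    $now   = time();
    $state = check_session($_SESSION, $ip, $now);

    if ($state !== 'ok') {
        // Discard whatever was stored and issue a fresh ID, so an ID that
        // was passed around or left idle cannot be reused as-is.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['ip'] = $ip;
    }
    $_SESSION['last_seen'] = $now;
    return $state;
}

// In prepend.php: anything other than 'ok' means "treat as a new session".
$state = guard_session();
```

Users whose address changes mid-session (mobile networks, rotating proxies) are logged out by this check, and users behind the same NAT address are not distinguished from one another.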