Posted by Rik Wasmus on 10/31/07 21:04

On Wed, 31 Oct 2007 21:56:57 +0100, floortje <none@none.none> wrote:

> Op 2007-10-31 21:30:58 +0100, zei "Sanders Kaufman" <bucky@kaufman.net>:
>>> of the username, ip and supersecret
>>> match the hd5hash in the cookie
>> I use a "loginCookieValue" (UUID) in the users database.
>> Every page-view gets a new one.
>> That way - even if a would-be hacker steals a "session" for one page, it
>> won't be good for the next.
>
> Even better offcourse but i'd still check the ip.

Then you'll be quite miserable with for instance AOL users. Sometimes
those people seem to change IP (during a session I might add) due to their
proxy network I believe...
--
Rik Wasmus

• Next in forum: Re: Session or browser problem??
• Prev in forum: Re: Multiple Domains; 1 Server; 1 PHP Install; Only One Domain Has A Working PHP; WHY??????
• Thread view: Re: how to create 'remember login' functionality during login

[Reply to this message]