Posted by Bradley Holt on 09/14/05 15:57
First, are you only storing user_id in cookies? This sounds like a
security problem. I'm guessing your user_ids are sequential and thus
easily guessed. Someone could easily create a fake cookie with a
guessed user_id and now have access to your system. You'll want to
create some sort of randomly generated md5 hash which is a lot harder
to guess (almost impossible). Or, you could just use PHPs built in
session handling which does this for you automatically.
Does this problem only happen on specific computers and not on others?
If so, it sounds like the security settings of the web browsers on
those computers are not allowing cookies.
--
Bradley Holt <bradley.holt@gmail.com>
http://www.gtalkprofile.com/profile/2.html
[Back to original message]
|