[nycphp-talk] Session Thoughts
Chris Shiflett
shiflett at php.net
Fri Oct 31 11:57:09 EST 2003
--- Mark Armendariz <nyphp at enobrev.com> wrote:
> Here's how I do it in my login class:
[snip]
> In the top of your site files (an app_top or config or whatever),
> run some
> sort of:
> if (!logged_in) {
> check_for_login_cookie();
> }
Out of curiosity, when a user's cookie is compromised for whatever
reason, this ensures that the attacker is able to hijack the user's
session at any time in the future?
Or, does the check_for_login_cookie() function require a password or
something before continuing?
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
More information about the talk
mailing list