[nycphp-talk] Experts help needed (Sessions)
Joseph Crawford
codebowl at gmail.com
Wed Aug 3 08:32:24 EDT 2005
I finally solved this problem in realizing that you cannot run the IP (or
other method) check within the session class rather you have to have a
normal function that get's called right after session_start(); This solved
my problems and allowed me to change the users session_id when a session was
hijacked. Also i turned COOKIES ONLY to on using ini_set so users can no
longer use the querystring. Now i need to figure out a way to check if
cookies can be set, if not dont allow them to use the site ;)
--
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
codebowl at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20050803/d56ee444/attachment.html>
More information about the talk
mailing list