Date: 03/31/00
- Next message: lennart benoot: "Re: [PHPLIB] Session Hijacking"
- Previous message: Max A. Derkachev: "[PHPLIB] using md5-related stuff in PHPLIB"
- In reply to: Stephen Neander: "[PHPLIB] Session Hijacking"
- Next in thread: lennart benoot: "Re: [PHPLIB] Session Hijacking"
- Reply: lennart benoot: "Re: [PHPLIB] Session Hijacking"
Hi all,
I've checked the session code and as far as I know, IP checking of sessions
isn't implemented. This is a pity because it's an easy-to-implement
feature which would make the system considerably more secure (I think). You
can do the checking yourself of course:
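<?php
// $sess is the PHPLIB session object; $REMOTE_ADDR is the client address.
if (!isset($ipadress)) {
    // First visit in this session: remember the client's address.
    $ipadress = $REMOTE_ADDR;
    $sess->register("ipadress");
} else {
    // Later request: the address must match the one stored in the session.
    if ($ipadress != $REMOTE_ADDR) {
        // Session hijacked
        echo("Hey Dude, get your ass out of here!");
    }
}
?>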
A better way to implement this would be to use the class session's
attribute auto_init. I will probably program this feature in the following
week. If interested, contact me...
-
PHP3 Base Library Mailing List. Send messages to <phplib <email protected>>.
To unsubscribe, send "unsubscribe" to <phplib-request <email protected>> in
the body, not the subject, of your message.
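
Added example, not part of the original message and not PHPLIB code: the same address check written against PHP's built-in sessions, comparing a network prefix (/24 for IPv4, /64 for IPv6) so that a client whose address changes inside one network keeps its session, and ending the session on a mismatch instead of only printing a message. Assumptions: PHP 7 or later, REMOTE_ADDR is the real client address (no reverse proxy in front), and the names client_prefix, check_session_binding and ip_prefix are hypothetical.

```php
<?php
// Added example: bind a native PHP session to the client's network prefix.
// Assumptions: PHP 7+, built-in sessions rather than PHPLIB's $sess object,
// and REMOTE_ADDR is the real client address (no reverse proxy in front).

// Reduce an address to its network prefix: /24 for IPv4, /64 for IPv6.
function client_prefix(string $ip): ?string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return null;                       // not a valid IP literal
    }
    $keep = strlen($packed) === 4 ? 3 : 8; // bytes kept from the address
    return bin2hex(substr($packed, 0, $keep));
}

// Returns true if the session may continue, false if it must be ended.
function check_session_binding(array &$session, string $remoteAddr): bool
{
    $prefix = client_prefix($remoteAddr);
    if ($prefix === null) {
        return false;
    }
    if (!isset($session['ip_prefix'])) {   // first request of this session
        $session['ip_prefix'] = $prefix;
        return true;
    }
    // Same-length hex strings, compared in constant time.
    return hash_equals($session['ip_prefix'], $prefix);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!check_session_binding($_SESSION, $_SERVER['REMOTE_ADDR'] ?? '')) {
        // Mismatch: discard the stored session data and stop the request.
        $_SESSION = [];
        session_destroy();
        http_response_code(403);
        exit('Session no longer valid, please log in again.');
    }
} else {
    // Constructed sample addresses (documentation ranges) for an offline run.
    $s = [];
    var_dump(check_session_binding($s, '192.0.2.10'));   // first visit
    var_dump(check_session_binding($s, '192.0.2.77'));   // same /24
    var_dump(check_session_binding($s, '198.51.100.5')); // different network
}
```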

