Date: 08/27/00
- Next message: Bernhard Ostheimer: "[phplib] Again: [phplib] Cookie-sessions and download"
- Previous message: Mike Green: "Re: [phplib] mod_rewrite for sessionids"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michael Chaney writes:
>For those of you who think that this is terrible, note that if you
>turn off cookies, go to cdnow.com, log in, and send the url to a
>friend, they'll be logged in as you if they go to that url within a
>couple of hours. This problem isn't limited to phplib, it's just a
>side effect of using get variables to track sessions.
>
>For those of you who think that we should just watch ip addresses,
>watch someone use your site via AOL sometime :)

Maybe this could be solved by checking $HTTP_REFERER. If the referrer is
outside your site, then dump the session and create a new one.
OTOH, there are proxies that strip nearly everything including
referer info, so I guess this boils down to choosing the lesser evil :)
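
The referrer check proposed above, together with the stripped-referrer trade-off, as an added example that is not part of the original post and is not phplib code. The function names, the `$strictOnMissing` switch and the `shop.example` hosts are assumptions made for illustration.

```php
<?php
// Added example, not phplib code. Names and hosts are hypothetical.

/** Classify a Referer header value: 'internal', 'external' or 'missing'. */
function classify_referer(?string $referer, string $siteHost): string
{
    if ($referer === null || trim($referer) === '') {
        return 'missing';   // stripped by a proxy, or the URL was typed/pasted
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host)) {
        return 'external';  // unparseable value: treat as untrusted
    }
    // Exact, case-insensitive host match. A substring test would also
    // accept a host such as "shop.example.evil.test".
    return strcasecmp($host, $siteHost) === 0 ? 'internal' : 'external';
}

/**
 * Decide whether a session id that arrived in the URL is kept ('keep')
 * or dumped and replaced ('new'). $strictOnMissing is the "lesser evil"
 * choice: true also dumps sessions of users behind referer-stripping proxies.
 */
function session_decision(array $server, string $siteHost,
                          bool $sidFromUrl, bool $strictOnMissing): string
{
    if (!$sidFromUrl) {
        return 'keep';      // id is not in the URL, so a shared link does not carry it
    }
    switch (classify_referer($server['HTTP_REFERER'] ?? null, $siteHost)) {
        case 'internal': return 'keep';
        case 'external': return 'new';
        default:         return $strictOnMissing ? 'new' : 'keep';
    }
}

// Constructed sample requests, all carrying the session id as a GET variable.
$samples = [
    'internal link'  => ['HTTP_REFERER' => 'http://shop.example/cart.php'],
    'link from mail' => ['HTTP_REFERER' => 'http://webmail.example/inbox'],
    'no referer'     => [],
];
foreach ($samples as $label => $server) {
    printf("%-15s lenient=%s strict=%s\n", $label,
        session_decision($server, 'shop.example', true, false),
        session_decision($server, 'shop.example', true, true));
}
```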

