Re: [phplib]duplitcated Session ID? From: Jeroen Laarhoven (jeroen <email protected>)
Date: 09/05/00

>Someone tried to log in ( I think he
>even hadnīt to do ) and got the identification of someone else.

This might also be caused by the fact that the first page of a session
includes a Sid.
If you bookmark this, or even worse a searchengine spider stores it in it's
DB ...

you get others entering with THIS old sid.

Some weeks ago I posted on this list (twice) a PHPLIB change that causes the
first page to refresh a third time, removing the sid from the URL (if
cookies are allowed).

This migth be a solution for you also.

Greetings
Jeroen.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
Jeroen Laarhoven, Zwolle, Netherlands
email: jeroen <email protected>
www: http://jeroen.polder.net
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

----- Original Message -----
From: "Bernhard Voigt" <p19y012 <email protected>>
To: <phplib <email protected>>
Sent: Tuesday, September 05, 2000 11:46 AM
Subject: [phplib]duplitcated Session ID?

Is it possible that the Sid algorithm genrates duplicated IDīs?
Because I got a problem on my page. Someone tried to log in ( I think he
even hadnīt to do ) and got the identification of someone else.
So I think he got a sid ( even before he logged in )wich was still
resistant in the active-sessions table, and so the persistant variables
were assigned to him.
So, do you think Iīm right?
If so, Iīd like to know how to fic this problem.

Greetings Bernhard

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>

---------------------------------------------------------------------
To unsubscribe, e-mail: phplib-unsubscribe <email protected>
For additional commands, e-mail: phplib-help <email protected>