Join Up! 104886 members and counting!

Login To PHPBuilder User Name: Password: Register A New Site Account * NOTE: This is for logging into the main site only! To login to the forums, click here

Linux Today Enterprise Linux Today Apache Today JustLinux.com Linux Planet PHPBuilder All Linux Devices Hiermenus DatabaseJournal Technology Jobs Covalent Extends Apache 2.0 to Microsoft ASP.NET ShopWorX - Support for Windows PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Network Risk Assessment Full-Featured, Java-Based Apache GUI 10 Easy Solutions for PHP String Manipulation Use PHPUnit to Implement Unit Testing in Your PHP Development Developing a Ajax-driven Shopping Cart with PHP and Prototype Graphing With Flash (SWF) Introduction to WML, Apache, and PHP

php3-list | 200003

From: Adam Powell (adam <email protected>)
Date: 03/01/00

• Next message: Wico de Leeuw: "Re: [PHP3] array overhead not good"
• Previous message: Mark Nold: "[PHP3] Re: Question for Oracle Guru's"
• Next in thread: Adam Powell: "Re: [PHP3] cookies and proxy servers"
• Maybe reply: Adam Powell: "Re: [PHP3] cookies and proxy servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi there, I mentioned this to the list a while ago but it never got
resolved, so I am wondering if anybody has experienced the same problem with
cookies that I am...

Basically I set a login/password cookie, encrypting the password, so that
the command used to set the cookie looks like this :

SetCookie("userpass", $username.crypt("$password", "sl"), time()+36000, "/",
".domain.com");

(forgive me if I have the parameters in the wrong order as I am doing this
from memory but you get the gist of what I am trying to do!).

Now the problem is that two people on my site from the same ISP are
mistakenly logging on from each other. For instance I will get an email
saying 'I logged on and saw somebody elses username', tracing both usernames
back they are both from earthlink, or both from AOL. I guess the cookies
are being cached by the proxy servers, so people are getting each others
encrypted passwords and being able to log on as each other.

Has anybody experienced this behaviour? Also, is there anything I can do to
have a more secure login method using cookies?

Thanks,
Adam

-- 
PHP 3 Mailing List <http://www.php.net/>
To unsubscribe, send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
To contact the list administrators, e-mail: php-list-admin <email protected>

• Next message: Wico de Leeuw: "Re: [PHP3] array overhead not good"
• Previous message: Mark Nold: "[PHP3] Re: Question for Oracle Guru's"
• Next in thread: Adam Powell: "Re: [PHP3] cookies and proxy servers"
• Maybe reply: Adam Powell: "Re: [PHP3] cookies and proxy servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Columns / Articles | Tips / Quickies | News | News Linking and RSS Feeds | Shared Code Library Mail Archives | Support / Discussion Forums | Get Started! Links | Contribute! | Docs