Re: [PHP3] cookies and proxy servers
From: Adam Powell (adam <email protected>)
Date: 03/02/00

Cool, thanks for the help... I think I'm about to give up with the cookie
authentication method entirely!

When you say your workaround involves not logging people who don't accept
cookies... well it's not those that are causing the problem, they cannot log
on at all. It's the people that have somebody else's cookie that we are
worrying about!

Is there any way to (other than the URL) store information about the people
logging in? I have seen this cookie logging method used on many big
sites... how do they get around the problem with proxy servers? Lastly -
session variables are stored as cookies... do these get fouled up by proxy
servers also?

Thanks,
Adam

----- Original Message -----
From: Jeroen Wesbeek <duh <email protected>>
To: <adam <email protected>>
Sent: Wednesday, March 01, 2000 10:29 AM
Subject: RE: [PHP3] cookies and proxy servers

> Hi :)
>
> Well, we created a logging system based on cookies, but we also have problems
> with proxy servers. We use the following idea:
>
> When a user first enters the site, his/her HTTP header info (referer, via,
> ip, host, timestamp, browser) is inserted in a start_log (MySQL) and a
> unique ID is retrieved. This unique ID is stored in a cookie which expires
> as soon as the browser is closed. When the cookie is present, the user's
> info (the page he/she is watching plus timestamp and ID) is inserted in a
> session_log table.
>
> It works nicely, but we were having problems with some entries. These users
> had the HTTP via set (they were browsing via a proxy/caching server). The
> problem was that they were inserted in the start_log every time they were
> watching a page, so somehow the cookies weren't accepted or processed
> correctly by these proxy servers.
>
> We have a workaround now, which is that users who don't accept cookies (we
> place a test-cookie before inserting a real cookie) don't get logged. I know
> this is not a good thing, but for the moment this was the best thing to do
> to keep our databases clean.
>
> The only solution - as far as I know - is to put these cookie-stored
> variables in your address bar.
> for example index.php3?user=sfgkjhdshf&pass=ldfsghsogher49
> I'd rather see the proxy servers worked well with cookies, but apparently
> they don't.
>
> I hope you can use this info, and, if you find another solution... please
> let me know ;)
>
> Greetings,
>
> Jeroen Wesbeek
> webprogrammer
> www.samhoud.nl
>
> -----Original Message-----
> From: Maarten Stolte
> Sent: Wednesday, 1 March 2000 11:16
> To: Jeroen Wesbeek
> Subject: FW: [PHP3] cookies and proxy servers
>
>
> Oh well :)
>
> -----Original Message-----
> From: Adam Powell [mailto:adam <email protected>]
> Sent: Wednesday, March 01, 2000 11:08 AM
> To: php3 <email protected>
> Subject: [PHP3] cookies and proxy servers
>
>
>
> Hi there, I mentioned this to the list a while ago but it never got
> resolved, so I am wondering if anybody has experienced the same problem with
> cookies that I am...
>
> Basically I set a login/password cookie, encrypting the password, so that
> the command used to set the cookie looks like this:
>
> SetCookie("userpass", $username.crypt("$password", "sl"), time()+36000, "/",
>           ".domain.com");
>
> (forgive me if I have the parameters in the wrong order as I am doing this
> from memory but you get the gist of what I am trying to do!).
>
> Now the problem is that two people on my site from the same ISP are
> mistakenly logging on from each other. For instance I will get an email
> saying 'I logged on and saw somebody else's username', tracing both usernames
> back they are both from earthlink, or both from AOL. I guess the cookies
> are being cached by the proxy servers, so people are getting each other's
> encrypted passwords and being able to log on as each other.
>
> Has anybody experienced this behaviour? Also, is there anything I can do to
> have a more secure login method using cookies?
>
> Thanks,
> Adam
>
>
> --
> PHP 3 Mailing List <http://www.php.net/>
> To unsubscribe, send an empty message to php3-unsubscribe <email protected>
> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
> To search the mailing list archive, go to:
> http://www.php.net/mailsearch.php3
> To contact the list administrators, e-mail: php-list-admin <email protected>
>
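
One way to approach the question asked in this thread, as an added example that is not from any of the posters: it assumes, as Adam guesses, that a shared proxy is storing responses that carry the cookie, so it marks those responses as uncacheable and replaces the username-plus-crypt() cookie value with a random token that is only meaningful on the server. The `sid` cookie name, the `$sessions` array and the function names are hypothetical, and PHP 7.3 or later is assumed.

```php
<?php
// Added example, not code from the thread. $sessions stands in for a
// database table; the 36000 s lifetime and ".domain.com" come from the post.

// Response headers telling shared caches not to store or replay this page.
function no_shared_cache_headers(): array
{
    return [
        'Cache-Control: private, no-store, max-age=0',
        'Pragma: no-cache',                        // for older HTTP/1.0 caches
        'Expires: Thu, 01 Jan 1970 00:00:00 GMT',  // already in the past
    ];
}

// Create a session after the password has been checked server-side.
// Only a random token goes into the cookie; the store keeps its hash.
function start_login_session(array &$sessions, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = [
        'user'    => $username,
        'expires' => $now + 36000,
    ];
    return $token;
}

// Map a presented cookie value back to a username, or null if the token
// is unknown or has expired.
function lookup_session(array $sessions, string $token, int $now): ?string
{
    $row = $sessions[hash('sha256', $token)] ?? null;
    if ($row === null || $row['expires'] < $now) {
        return null;
    }
    return $row['user'];
}

// Constructed demo: log in "adam", send the headers and cookie, then resolve it.
$sessions = [];
$token = start_login_session($sessions, 'adam', time());
foreach (no_shared_cache_headers() as $line) {
    header($line);
}
setcookie('sid', $token, [
    'expires' => time() + 36000, 'path' => '/', 'domain' => '.domain.com',
    'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
]);
echo lookup_session($sessions, $token, time()), "\n";
```

The cache headers need to go on every response that sets or depends on the cookie, not only on the login page.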
