> > I want to use PHP4 sessions for authentication, > > Ok, stop right there. Sessions and authentication have nothing to do with > each other. To create a secure authenticated site you should be using > HTTP-based authentication over SSL. Sessions are simply for maintaining > state across http requests and have nothing to do with authentication. > > -Rasmus So setting a 'loggedin' session variable once a person has authenticated, and checking for that session variable each request before proceeding is not ok? jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
- [PHP] Stopping stolen / spoofed / linked sessions adam (dahamsta)
- Re: [PHP] Stopping stolen / spoofed / linked sessi... Stephen Cope
- Re: [PHP] Stopping stolen / spoofed / linked sessi... teo
- RE: [PHP] Stopping stolen / spoofed / linked sessi... scott [gts]
- RE: [PHP] Stopping stolen / spoofed / linked sessi... David Price
- RE: [PHP] Stopping stolen / spoofed / linked s... adam (dahamsta)
- Re: [PHP] Stopping stolen / spoofed / linked sessi... Rasmus Lerdorf
- Re: [PHP] Stopping stolen / spoofed / linked s... Jason Brooke
- Re: [PHP] Stopping stolen / spoofed / link... Rasmus Lerdorf
- Re: [PHP] Stopping stolen / spoofed / linked s... adam (dahamsta)
- Re: [PHP] Stopping stolen / spoofed / link... Rasmus Lerdorf
- Re: [PHP] Stopping stolen / spoofed / ... adam (dahamsta)
- Re: [PHP] Stopping stolen / spoof... Christian Reiniger
- Re: [PHP] Stopping stolen / spoofed / linked sessi... adam (dahamsta)
- RE: [PHP] Stopping stolen / spoofed / linked sessi... Robert Klinkenberg
- Re: [PHP] Stopping stolen / spoofed / linked sessi... Bill Rausch
- Re: [PHP] Stopping stolen / spoofed / linked s... Christopher Ostmo
