It's common for IP addresses to change while people are surfing. So you may be needlessly kicking people out.
---John Holmes... ----- Original Message ----- From: "Adam Voigt" <[EMAIL PROTECTED]> To: "Shaun" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, October 24, 2002 9:01 AM Subject: Re: [PHP] sessions > You could, on the page where it initially creates there session, > get there IP address and make that a session variable, then in > one of your include files which is called on every page, check to > see if the current users's IP match's the one of the $_SESSION[ip] > variable, if it doesn't, just stop them dead with an exit; statement. > > Course this won't help for people behind the same public IP, but > it's a start. You could also verify against what the browser identify's > itself as, etc. > > Adam Voigt > [EMAIL PROTECTED] > > On Thu, 2002-10-24 at 08:32, Shaun wrote: > > Hi, > > > > If i use sid in the url , is it dangerous - can hackers gain info on > > important variables storing username and passwords or is it save to use , if > > not what should i do. > > > > shaun > > > > > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
