Usually my systems are templates and OOP based, so if you change the main
function that handles the links...
btw I don't know if you thought about this, in order to deny any kind of
session fixation and X/CSRF (cross site forgeries) you better write down
some $_GET forwarded token system ;)
CSRF - a
-Original message-
From: Nitsan Bin-Nun [mailto:[EMAIL PROTECTED]
The session.use_trans_sid setting automatically adds
> sid=**(32-chars-sess-id)**
>
to the URLs of the website,
it should solve your problem
ME -> I added "session.use_trans_sid = 1" to the beginning of my php.ini
file an
On Fri, Apr 4, 2008 at 3:58 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:
> *I'm really sorry for interrupting*
>
> The session.use_trans_sid setting automatically adds
>
>
> > sid=**(32-chars-sess-id)**
> >
> to the URLs of the website,
> it should solve your problem
> try to use it if you have
On Fri, Apr 4, 2008 at 3:48 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
>
> Probably because of the fear of session hijacking and spoofing.
> The thing is, a handwritten cookie is just as effective for
> that, by changing the PHPSESSID (or equivale
*I'm really sorry for interrupting*
The session.use_trans_sid setting automatically adds
> sid=**(32-chars-sess-id)**
>
to the URLs of the website,
it should solve your problem
try to use it if you have access to php.ini
otherwise, my suggestion is to forward a compiled (coded or something like
From: Daniel Brown [mailto:[EMAIL PROTECTED]
Probably because of the fear of session hijacking and spoofing.
The thing is, a handwritten cookie is just as effective for
that, by changing the PHPSESSID (or equivalent). In any case,
a 32-byte hexadecimal hash should be sufficient security for
On Fri, Apr 4, 2008 at 2:57 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
>> From: Daniel Brown [mailto:[EMAIL PROTECTED]
>>
>> <?php
>> echo "http://www.domain.com/script.php?".session_name()."=".session_id();
>> ?>
>
> I think it was supposed to add that stuff automagically...?
>
> Not quite su
From: Daniel Brown [mailto:[EMAIL PROTECTED]
On Fri, Apr 4, 2008 at 2:37 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Ryan Yagatich [mailto:[EMAIL PROTECTED]
>
> you mean like session.use_trans_sid in php.ini?
>
>
> How does this thing work anyway? As far as I read, it adds the
On Fri, Apr 4, 2008 at 2:37 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Ryan Yagatich [mailto:[EMAIL PROTECTED]
>
>
> you mean like session.use_trans_sid in php.ini?
>
>
> How does this thing work anyway? As far as I read, it adds the session id to
> every (default behavior) hre
From: Ryan Yagatich [mailto:[EMAIL PROTECTED]
you mean like session.use_trans_sid in php.ini?
How does this thing work anyway? As far as I read, it adds the session id to
every (default behavior) href and a hidden field in forms, right?
I *think* it just does that when you have cookies d
From: Ryan Yagatich [mailto:[EMAIL PROTECTED]
you mean like session.use_trans_sid in php.ini?
Never heard of it, just RTFM'ed and it looks like the solution.
I'll be trying it and reply with the results. Thanks!
Thiago
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visi
Thiago Pojda wrote:
> Does anyone know how to fix this? Add a hidden PHPSESSID field in every form
> (instead of cookies) would solve my problem or is this a server-side thing?
>
>
you mean like session.use_trans_sid in php.ini?
Regards,
Ryan Yagatich
--
Pantek, Inc. - http://www.pantek.c
Guys,
Some users often open two different sessions in my application by opening a
new browser instance (not "Open in new window" {they all use IE}).
This actually works better than expected, the two sessions are almost
independent.
The thing is: almost. Sometimes one session displays data fro