One thing that I did that may help.
Every time a session is opened, the system insists on writing to disk on
every page, whether the session is updated or not.
With a lot of users, this is a bit of a system bog.
So, I hold the contents of a session when 'read', in a global variable.
Then, in the
Nope, have no idea... I've just allways been told (and adhered to) the rule
that you don't trust anything client side, which would include IP address'.
Even if you could get it working for AOL, what about some other ISP located
in Australia, South Africa, or anywhere else on the planet that you've
Just out of curiosity, do you know if any part (e.g. x1.x2.x3.x4) of the IP
remains static when AOL changes it? Even if it's only the first part, that's
better than nothing.
I'm having a headache now, because I'm already behind schedule, and this has
just thrown a spanner in the works :( (but sti
lol, no sooner had I spoke than it sprang back into action! I now have the
source you posted. Looking it over!
"M1tch" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Okay, having had my own solution shot and burned ;), I would love to look
at
> yours, but unfo
Okay, having had my own solution shot and burned ;), I would love to look at
yours, but unfortunately the page (well, the entire site), will not load.
It could be a temporary outage with either ISP, but is there anyway you
could post it here? (I perhaps flag it as large?).
On my site, I'm not rea
Ooooh, it's a lesson every day! Right, back to the drawing board :(
"Justin French" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote:
>
> > Why not just use IP?
> > I created a nice system, whereby if your IP
on 08/09/02 5:04 AM, M1tch ([EMAIL PROTECTED]) wrote:
> Why not just use IP?
> I created a nice system, whereby if your IP is changed (or someone is
> hacking your session), the session is destroyed, and the user must log in.
> Does not add much overhead either.
large ISPs like AOL use variable
gt; -Original Message-
> From: M1tch [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, September 07, 2002 12:05 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Proposal for securing PHP sessions
>
>
> Why not just use IP?
> I created a nice system, whereby if your IP is changed
Sent: Sunday, September 08, 2002 8:34 AM
Subject: RE: [PHP] Re: Proposal for securing PHP sessions
> You're going to be shutting out a lot of AOL users (bah! who needs em! ;p)
> if you do that, as AOL changes a user's IP address about as often as you
> read the word "the&qu
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Also, I built it using database (using my own session functions in
savehandler), that stores the
07, 2002 12:05 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Re: Proposal for securing PHP sessions
Why not just use IP?
I created a nice system, whereby if your IP is changed (or someone is
hacking your session), the session is destroyed, and the user must log in.
Does not add much overhead either.
Al
11 matches
Mail list logo
