Usually my systems are templates and OOP based, so if you change the main
function that handles the links...
btw I don't know if you thought about this, in order to deny any kind of
session fixation and X/CSRF (cross site forgeries) you better write down
some $_GET forwarded token system ;)
CSRF - a
On Fri, Apr 4, 2008 at 3:58 PM, Nitsan Bin-Nun <[EMAIL PROTECTED]> wrote:
> *I'm really sorry for interrupting*
>
> The session.use_trans_sid setting automatically adds
>
>
> > sid=**(32-chars-sess-id)**
> >
> to the URLs of the website,
> it should solve your problem
> try to use it if you have
On Fri, Apr 4, 2008 at 3:48 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Daniel Brown [mailto:[EMAIL PROTECTED]
>
> Probably because of the fear of session hijacking and spoofing.
> The thing is, a handwritten cookie is just as effective for
> that, by changing the PHPSESSID (or equivale
*I'm really sorry for interrupting*
The session.use_trans_sid setting automatically adds
> sid=**(32-chars-sess-id)**
>
to the URLs of the website,
it should solve your problem
try to use it if you have access to php.ini
otherwise, my suggestion is to forward a compiled (coded or something like
On Fri, Apr 4, 2008 at 2:57 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
>> From: Daniel Brown [mailto:[EMAIL PROTECTED]
>>
>> <?php
>> echo "http://www.domain.com/script.php?".session_name()."=".session_id();
>> ?>
>
> I think it was supposed to add that stuff automagically...?
>
> Not quite su
On Fri, Apr 4, 2008 at 2:37 PM, Thiago Pojda
<[EMAIL PROTECTED]> wrote:
> From: Ryan Yagatich [mailto:[EMAIL PROTECTED]
>
>
> you mean like session.use_trans_sid in php.ini?
>
>
> How does this thing work anyway? As far as I read, it adds the session id to
> every (default behavior) hre
Thiago Pojda wrote:
> Does anyone know how to fix this? Would adding a hidden PHPSESSID field in every form
> (instead of cookies) solve my problem or is this a server-side thing?
>
>
you mean like session.use_trans_sid in php.ini?
Regards,
Ryan Yagatich
--
Pantek, Inc. - http://www.pantek.c