Re: Protecting Commercial PHP Scripts

* Thus wrote Mark-Walter@xxxxxxxxxxx:
> Hi Dirk,
> 
> > I found this one very useful:
> > http://shiflett.org/php-security.pdf 
> 
> Nice docu *g*
> 
> Does someone use this code from the
> docu mentioned above?
> 
> It works for me only under Explorer, Netscape
> switches to exit.
> 
> #
> # Verify HTTP Header
> #
> 
> if (isset($_SESSION['HTTP_USER_AGENT'] ))
> {
>    if ($_SESSION['HTTP_USER_AGENT'] != 
>       md5($_SERVER['HTTP_USER_AGENT']))
>    {
>       exit;
>    }
> } 
> else {
>    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
> }

If you're using the same session for IE and Netscape, the behaviour
you are experiencing demonstrates how this can prevent session
hijacking.  Netscape, using its own session, should work fine.



Curt
-- 
Quoth the Raven, "Nevermore."

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
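
The check discussed in this thread, as an added example that is not part of the original messages or of the quoted document: it stores a hash of the User-Agent on the first request, compares it on later ones, and destroys the session on a mismatch. The helper names `ua_fingerprint()` and `verify_session_client()`, the `ua_fingerprint` session key and the sample User-Agent strings are assumptions constructed for illustration.

```php
<?php
// Added example: ua_fingerprint() and verify_session_client() are
// hypothetical helper names, not taken from the quoted document.

function ua_fingerprint(array $server): string
{
    // A missing header hashes as the empty string, so a client that sends
    // no User-Agent is still compared consistently across requests.
    return hash('sha256', $server['HTTP_USER_AGENT'] ?? '');
}

// Returns true when the request may continue with this session.
// First request: store the fingerprint. Later requests: compare it.
function verify_session_client(array &$session, array $server): bool
{
    $current = ua_fingerprint($server);
    if (!isset($session['ua_fingerprint'])) {
        $session['ua_fingerprint'] = $current;
        return true;
    }
    // hash_equals() compares the two digests in constant time.
    return hash_equals($session['ua_fingerprint'], $current);
}

if (PHP_SAPI !== 'cli') {
    session_start();
    if (!verify_session_client($_SESSION, $_SERVER)) {
        // Mismatch: clear the session data and cookie instead of a bare
        // exit, so the next request from this client starts a fresh session.
        $_SESSION = [];
        if (ini_get('session.use_cookies')) {
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        http_response_code(403);
        exit;
    }
} else {
    // Constructed demo for the command line: one session, two browsers.
    $session = [];
    $ie = ['HTTP_USER_AGENT' => 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)'];
    $ns = ['HTTP_USER_AGENT' => 'Mozilla/5.0 (Windows; U; Windows NT 5.1) Netscape/7.1'];
    var_dump(verify_session_client($session, $ie)); // first request stores the fingerprint
    var_dump(verify_session_client($session, $ie)); // same browser, same session
    var_dump(verify_session_client($session, $ns)); // other browser, same session
}
```

The User-Agent header is supplied by the client, so this check only raises the bar against a stolen session id; it works alongside regenerating the session id at login and sending the session cookie over HTTPS only.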

