Re: session - cookie issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, October 20, 2006 5:20 am, Dave Goodchild wrote:
> Hi all, I am having issues with users not being able to post their
> details
> to my site. The system uses sessions, so when they hit the index page
> a test
> cookie is set thus:
>
> setcookie('djst', 'test');

You should *NOT* set the timeout to an hour!

If their clock is "off" by an hour (or worse, your server clock is off
by an hour) the cookie will expire immediately.

Trusting the "time" of a Cookie clock is silly for anything less than
the scale of years, maybe months.

Even then, a user intent on causing trouble will reset their clock to
wild values to play with you, and then you're in trouble.

> and then I test whether that cookie is set on the next page. If not, I
> direct the users to an informational page. This works my end in FF and
> IE6
> (sec settings tested at low, medium and medium high) but appox 1 in 20
> users
> cannot get past the cookie warning, even if they set their security
> settings
> to low in IE.

I've had major problems with IE on one site like this as well, and
suspect it's that goofy "short privacy policy" thing...

Never have time to check it out, as the answer "Use Firefox" always
works out better. :-)

> I am also setting PHPSESSID to something of my own, as I hear that IE
> does
> not like PHPSESSID (correct?).

Aroooo?

References, please?

Not that it would surprise me...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux