Re: Re: disable referer ? (was: Framed & Linked Content)


On Tue, January 29, 2008 12:48 pm, Per Jessen wrote:
> Robert Cummings wrote:
>
>> Actually, now you made me think on it... the primary reason I disable
>> referrer logging is because it will also pass along lovely information
>> such as any session ID embedded in the URL. So if you happen to get on
>> a malicious site, they could access the account from which you've come.
>
> Hmm, interesting idea.  I wonder if the sessionid isn't tied to the
> IP-address even when it's part of the URL?

It CANNOT be tied to the IP address, because most users' IP addresses
are not static.

Google for "session hijacking" for more info.

> Still, I can't help thinking that if this is a serious problem, it would
> have been dealt with long ago.

War is a serious problem.

So is murder.

So is people cutting me off in traffic. :-v

None of them have been dealt with effectively yet.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
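
An added example, not part of the original thread or written by its participants: one way a PHP application can keep the session ID out of URLs, and so out of the Referer header discussed above. It assumes PHP 7.3 or later and an HTTPS site; the function name `urlWithoutSessionId` is hypothetical.

```php
<?php
// Added illustration; not code from the mailing-list thread.

// Keep the session ID in a cookie only, so it never appears in a URL
// that a browser could forward to another site in the Referer header.
ini_set('session.use_only_cookies', '1'); // ignore IDs supplied in the query string
ini_set('session.use_trans_sid', '0');    // never rewrite links to append the ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue

session_set_cookie_params([
    'httponly' => true,   // not readable from page scripts
    'secure'   => true,   // sent over HTTPS only (assumption: site uses HTTPS)
    'samesite' => 'Lax',
]);

// Hypothetical helper: rebuild a request URI without the session parameter.
function urlWithoutSessionId(string $uri, string $param): string
{
    $parts = parse_url($uri) ?: [];
    parse_str($parts['query'] ?? '', $query);
    unset($query[$param]);
    $path = $parts['path'] ?? '/';
    return $query ? $path . '?' . http_build_query($query) : $path;
}

// Old bookmarks or links may still carry the ID in the query string.
// Redirect to the clean URL so the ID does not stay in the address bar,
// browser history, or any Referer sent from this page.
$param = session_name(); // "PHPSESSID" unless configured otherwise
if (isset($_GET[$param])) {
    header('Location: ' . urlWithoutSessionId($_SERVER['REQUEST_URI'], $param), true, 302);
    exit;
}

// Limit what the browser puts in Referer when the user follows an outbound link.
header('Referrer-Policy: same-origin');

session_start();

// Call after a successful login: issue a fresh ID and delete the old one,
// so an ID that leaked before authentication is useless afterwards.
function onLogin(): void
{
    session_regenerate_id(true);
}
```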

