On Sat, 23 Jan 2010 09:32:37 -0500, tedd.sperling@xxxxxxxxx (tedd) wrote: >At 1:13 PM +1100 1/23/10, clancy_1@xxxxxxxxxxxx wrote: >> but I would be grateful for any suggestions how I >>could make this procedure more secure. > >We have given you advice that you should NOT use Cookies in any >fashion to secure your site, but you remain steadfast that you know >better -- so, what else can we say other than good luck. BUT you have told me to use sessions, and sessions use a Cookie! If the Cookie I use contains random data, the only difference in security is in the time that it remains valid. Neither contains any useful information, but while they are valid both will enable you to bypass security. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
