clancy_1@xxxxxxxxxxxx wrote:
On Sat, 23 Jan 2010 09:32:37 -0500, tedd.sperling@xxxxxxxxx (tedd) wrote:
At 1:13 PM +1100 1/23/10, clancy_1@xxxxxxxxxxxx wrote:
but I would be grateful for any suggestions how I
could make this procedure more secure.
We have given you advice that you should NOT use Cookies in any
fashion to secure your site, but you remain steadfast that you know
better -- so, what else can we say other than good luck.
BUT you have told me to use sessions, and sessions use a Cookie!
If the Cookie I use contains random data, the only difference in security is in the time
that it remains valid. Neither contains any useful information, but while they are valid
both will enable you to bypass security.
Using only sessions means you have the tried and true php session
handling to manage the cookie, rather than re-inventing the wheel
yourself by using your own random string to do the same thing that a
session cookie already does.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
