On 9 August 2010 13:30, Juan Rodriguez Monti <juan@xxxxxxxxxxxxxxxxxxxxx> wrote: > I thought that might be a good idea, to define a session variable > called ( failedattempts ), then check and if $failedattempts is > greater than, suppose, 4 ... As sessions are connected to a request through a session cookie, putting the failed attempts in the session for checking later is a bad idea. A script attempting to crack your security will most likely NOT be using cookies. So each request, all the many millions of them, will seem to be clean/virgin requests, not multiple attempts. Each request will create a blank new session with 0 previous attempts. Richard. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
