On Sun, Jun 19, 2005 at 08:23:48AM -0400, Juan Pablo Gil wrote:
> On 6/19/05, Martin Samesch <martin.samesch@xxxxxxxxxxxxxxxxxxxx> wrote:
> > --- snip ---
> > Try this code snippet, from a book by a security expert who says this
> > is more secure to place on every page:
> >
> > session_start();
> > $_SESSION['name'] = "YourSession";
> >
> > if (!isset($_SESSION['initiated']))
> > {
> > session_regenerate_id();
> > $_SESSION['initiated'] = true;
> > }
> > --- snip ---
>
>
> Many thanks Martin!
>
> Starting with you hint, I found this site, I guess it's the book you
> said: http://phpsec.org/projects/guide/4.html
Hey, great site! I hadn't known it (is this correct english? ;-).
My "hint" rather was a question. ;-)
Many more thanks to you.
> [...]
> Anyway, the really simple line I sent is still correct, but not as
> secure as the second option.
>
> But now... I'll add those lines to many projects I have already running :)
Metoo ;-)
Cheers,
Martin
PHP Data object relational mapping generator - http://www.meta-language.net/
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/php-objects/
<*> To unsubscribe from this group, send an email to:
php-objects-unsubscribe@xxxxxxxxxxxxxxx
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
