RE: How to send a SID in a security way

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Write a function that gets called frequently (or with a cron job) to clean out session records every half an hour or so...

Each time a page loads with those session vars, update the timestamp in that record.

bastien


From: "Andre Matos" <andre.matos@xxxxxxxxxxxx>
To: "'Bastien Koert'" <bastien_k@xxxxxxxxxxx>
CC: <php-db@xxxxxxxxxxxxx>
Subject: RE:  How to send a SID in a security way
Date: Fri, 22 Oct 2004 14:19:05 -0400

I had thought about this idea to storage the session information in a
database. However, what's happening if a user just closes the browser
without logout from the application or if the browser crashes. The session
will be in the database and the user is gone. How to track this?

Thanks.

Andre

--
Andre Matos
andre.matos@xxxxxxxxxxxx
-----Original Message-----
From: Bastien Koert [mailto:bastien_k@xxxxxxxxxxx]
Sent: Friday, October 22, 2004 1:22 PM
To: andre.matos@xxxxxxxxxxxx; h.dudeness@xxxxxxxxx
Cc: php-db@xxxxxxxxxxxxx
Subject: RE:  How to send a SID in a security way

What about writing a function that will store some of those required
variables into a db. Then on the second site, open a link to the first db
and query for those values that you need?

bastien


>From: "Andre Matos" <andre.matos@xxxxxxxxxxxx>
>To: "'Matt M.'" <h.dudeness@xxxxxxxxx>
>CC: <php-db@xxxxxxxxxxxxx>
>Subject: RE: How to send a SID in a security way
>Date: Fri, 22 Oct 2004 12:59:00 -0400
>
>Hi Matt,
>
>I am trying to solve my problem to have one browser accessing two different
>applications (each one in a different window) where each application has
>its
>own and unique sessionID. I really don't want to use cookie because I will
>need that the user enable the option "accept cookies" in the browser.
>
>However, I am afraid to pass the sessionID on the URL because someone can
>cat it.
>
>I am using currently using SSL.
>
>Can you see any solution for my problem?
>
>Thanks.
>
>--
>Andre Matos
>andre.matos@xxxxxxxxxxxx
>
>-----Original Message-----
>From: Matt M. [mailto:h.dudeness@xxxxxxxxx]
>Sent: Friday, October 22, 2004 12:35 PM
>To: Andre Matos
>Cc: php-db@xxxxxxxxxxxxx
>Subject: Re: How to send a SID in a security way
>
> > How can I send a SID (SessionID) in a security way from one page to
>another?
> > Is it "security" to do this?
>
>not sure what exactly you want. You could just use cookies, dont
>allow it to be in form fields or query strings.
>
>you could use ssl.
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux