Re: Why are they more secure?

Re: Why are they more secure?

am 01.04.2008 01:52:44 von Toby A Inkster

Gordon wrote:

> The session_regenerate_id function in PHP mitigates this problem
> somewhat, it cause a user with a valid session ID to be assigned a
> different ID for every call.

And will probably end up logging visitors out if they have more than one
of your pages open simultaneously in a tabbed browser.

--
Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux 2.6.17.14-mm-desktop-9mdvsmp, up 5 days, 11:11.]

Cognition 0.1 Alpha 6
http://tobyinkster.co.uk/blog/2008/03/29/cognition-alpha6/

Re: Why are they more secure?

am 01.04.2008 13:02:10 von Jerry Stuckle

Toby A Inkster wrote:
> Gordon wrote:
>
>> The session_regenerate_id function in PHP mitigates this problem
>> somewhat, it cause a user with a valid session ID to be assigned a
>> different ID for every call.
>
> And will probably end up logging visitors out if they have more than one
> of your pages open simultaneously in a tabbed browser.
>

Toby,

I find it amazing how people defend poor practices to the death.

I don't mind if they lose visitors to their sites. I just hate to see
when they promote their "designs" to unsuspecting programmers.
Especially when there are already established ways to do what needs to
be done, without making visitors mad.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Re: Why are they more secure?

am 02.04.2008 22:55:08 von AnrDaemon

Greetings, Toby A Inkster.
In reply to Your message dated Tuesday, April 1, 2008, 03:52:44,

>> The session_regenerate_id function in PHP mitigates this problem
>> somewhat, it cause a user with a valid session ID to be assigned a
>> different ID for every call.

> And will probably end up logging visitors out if they have more than one
> of your pages open simultaneously in a tabbed browser.

Obvious lie. Browser tracking cookies for site, not for one tab opened (Don
not mention IE here, please). If cookies changed in one tab, they will be sent
along in the other tab, when user going to navigate there.


--
Sincerely Yours, AnrDaemon