[nycphp-talk] Session Thoughts

Chris Shiflett shiflett at php.net
Fri Oct 31 11:57:09 EST 2003


--- Mark Armendariz <nyphp at enobrev.com> wrote:
> Here's how I do it in my login class:
[snip]
> In the top of your site files (an app_top or config or whatever),
> run some sort of:
> if (!logged_in) {
> 	check_for_login_cookie();
> }

Out of curiosity, when a user's cookie is compromised for whatever
reason, this ensures that the attacker is able to hijack the user's
session at any time in the future?

Or, does the check_for_login_cookie() function require a password or
something before continuing?

Chris

=====
My Blog
     http://shiflett.org/
HTTP Developer's Handbook
     http://httphandbook.org/
RAMP Training Courses
     http://www.nyphp.org/ramp
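
An added example, not part of the original message and not the code from Mark's login class: one way a `check_for_login_cookie()` routine can limit how long a copied login cookie stays useful, by making each cookie value single-use, rotating it on every automatic login, and expiring it server-side. The `selector:validator` cookie format, the function signatures, the 14-day lifetime and the array standing in for a database table are all assumptions.

```php
<?php
// Added example. Names, cookie format and the array-backed store are assumptions.
const REMEMBER_TTL = 1209600; // 14 days in seconds (constructed value)

// Issue a token: the cookie carries "selector:validator"; the store keeps
// only a hash of the validator, so a leaked store does not yield usable cookies.
function issue_login_token(array &$store, int $userId, int $now): string
{
    $selector  = bin2hex(random_bytes(9));
    $validator = bin2hex(random_bytes(32));
    $store[$selector] = [
        'user_id' => $userId,
        'hash'    => hash('sha256', $validator),
        'expires' => $now + REMEMBER_TTL,
    ];
    return $selector . ':' . $validator;
}

// Returns [userId, replacementCookieValue] on success, null on any failure.
function check_for_login_cookie(array &$store, string $cookie, int $now): ?array
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null; // malformed, unknown, or already consumed
    }
    [$selector, $validator] = $parts;
    $row = $store[$selector];
    unset($store[$selector]); // single use: the record is consumed on every attempt
    if ($row['expires'] < $now
        || !hash_equals($row['hash'], hash('sha256', $validator))) {
        return null; // expired, or validator does not match (constant-time compare)
    }
    // Rotate: the caller must send the replacement value back as the new cookie.
    return [$row['user_id'], issue_login_token($store, $row['user_id'], $now)];
}

// Constructed demonstration data.
$store  = [];
$now    = 1700000000;
$cookie = issue_login_token($store, 42, $now);

[$userId, $next] = check_for_login_cookie($store, $cookie, $now + 60);
var_dump($userId);                                                 // first use of the cookie
var_dump(check_for_login_cookie($store, $cookie, $now + 120));     // same value presented again
var_dump(check_for_login_cookie($store, $next, $now + REMEMBER_TTL + 61)); // past its lifetime
```

This narrows the window rather than closing it: a copied cookie that is presented before the legitimate user's next visit still logs the holder in, which is why the second question above, about requiring a password before continuing, still matters for sensitive actions.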