[nycphp-talk] Chris Shiflett's Session Example

Joseph Crawford codebowl at gmail.com
Wed Aug 3 11:55:26 EDT 2005


http://shiflett.org/code/http-developers-handbook/session_example.phps

Guys, I have a few questions about this.

Here is the snippet I am concerned with:

    # Make sure the user agent is correct
    $ua_should_be = urldecode($parsed_cookie['ua']);
    if ($_SERVER['HTTP_USER_AGENT'] != $ua_should_be)
    {
        $identity_validated = false;
    }

Does that seem redundant to anyone else? Why would you store a value in a
cookie (on the client's machine) and then use that to compare to PHP's
HTTP_USER_AGENT? Couldn't the client just edit the cookie to be the same?
Then once they go to the page it will see it as valid.


-- 
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
codebowl at gmail.com
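
Added example (not part of the original post and not code from the linked session_example.phps): the comparison questioned above, next to a variant where the cookie value carries an HMAC computed with a server-side key, so an edited value no longer validates. The function names, the key and the sample User-Agent strings are assumptions constructed for illustration.

```php
<?php
// Added illustration: hypothetical helper names, constructed sample values.

// Assumption: this key exists only on the server and is never sent to the client.
const SERVER_SECRET = 'constructed-demo-key';

// Build a cookie value of the form "urlencoded-ua|hex-hmac".
function issue_ua_cookie(string $userAgent): string
{
    $mac = hash_hmac('sha256', $userAgent, SERVER_SECRET);
    // rawurlencode() escapes "|" so the delimiter cannot appear inside the UA part.
    return rawurlencode($userAgent) . '|' . $mac;
}

// The comparison from the quoted snippet: cookie value against request header only.
function unsigned_check(string $cookieUa, string $headerUa): bool
{
    return urldecode($cookieUa) === $headerUa;
}

// Signed variant: the cookie must carry a valid MAC and match the header.
function signed_check(string $cookie, string $headerUa): bool
{
    $parts = explode('|', $cookie, 2);
    if (count($parts) !== 2) {
        return false; // malformed cookie
    }
    [$encodedUa, $mac] = $parts;
    $cookieUa = rawurldecode($encodedUa);
    $expected = hash_hmac('sha256', $cookieUa, SERVER_SECRET);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) && hash_equals($cookieUa, $headerUa);
}

// Constructed sample: the value the server issued for the original browser.
$ua     = 'Mozilla/5.0 (constructed sample)';
$cookie = issue_ua_cookie($ua);

// Constructed sample: the UA part of the cookie is edited and the request
// header is changed to match it, while the MAC is left as issued.
$editedUa     = 'Edited/1.0 (constructed sample)';
$editedCookie = rawurlencode($editedUa) . '|' . explode('|', $cookie, 2)[1];

var_dump(unsigned_check(rawurlencode($editedUa), $editedUa)); // unsigned comparison
var_dump(signed_check($editedCookie, $editedUa));             // signed, edited cookie
var_dump(signed_check($cookie, $ua));                         // signed, untouched cookie
```

Signing only makes the cookie tamper-evident: a cookie copied whole and replayed with the same User-Agent header still validates, so the User-Agent check is a weak additional signal rather than an authentication factor.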