[nycphp-talk] Experts help needed (Sessions)
Joseph Crawford
codebowl at gmail.com
Thu Aug 4 11:40:28 EDT 2005
I think I finally got everything working the way I want it. I generate the
hash and store it alongside the session id. Whenever the page is loaded it
gets the hash from the db and calculates the user's hash. If they match,
nothing is done; if they don't, session_destroy is called and
session_regenerate_id is called so the new user doesn't get the same session
id as the one hijacked. Next I will implement a way to only do the check
every X page loads for the user or something, because every page querying
this check could become resource intensive. I took a look at implementing
Adam's suggestion of regenerating the session id with every page load. I
looked at doing this and then updating the current db record with the new id
etc. This would work if my hash didn't include the current session_id. The
way it is now, if I regenerate every page, every other page thinks the
session has been hijacked ;)
Maybe sometime down the road I will look at implementing this ability, as I
am sure it's a small restructure problem, but I think it's ok for now ;)
Now I get to work on my user management and permissions system, and figure out
how I am going to implement the roles and who has what role ;)
--
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
codebowl at gmail.com
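
The conflict described in the message above, as an added example that is not part of the original post or the poster's code: a stored hash that includes the session id stops matching once the id is regenerated, while a hash that leaves the id out survives the rotation. Assumptions: the hash is an HMAC over the User-Agent with a server-side secret, an in-memory array stands in for the db table, and the names `fingerprint`, `check` and `rotate` are hypothetical.

```php
<?php
// Added example: an in-memory array stands in for the session table.
// Assumption: the hash covers the User-Agent, keyed with a server-side secret.
const SECRET = 'constructed-demo-secret';

function fingerprint(string $userAgent, ?string $sessionId = null): string
{
    // Passing $sessionId reproduces the scheme from the post (hash bound to the id).
    return hash_hmac('sha256', $userAgent . '|' . ($sessionId ?? ''), SECRET);
}

function check(array $store, string $sessionId, string $userAgent, bool $bindId): bool
{
    if (!isset($store[$sessionId])) {
        return false; // unknown id: treat as invalid
    }
    $expected = fingerprint($userAgent, $bindId ? $sessionId : null);
    return hash_equals($store[$sessionId], $expected); // constant-time compare
}

function rotate(array &$store, string $oldId): string
{
    // Stand-in for session_regenerate_id() plus moving the db record to the new id.
    $newId = bin2hex(random_bytes(16));
    $store[$newId] = $store[$oldId];
    unset($store[$oldId]);
    return $newId;
}

$ua = 'Mozilla/5.0 (constructed sample)';

foreach ([true, false] as $bindId) {
    $store = [];
    $id = bin2hex(random_bytes(16));
    $store[$id] = fingerprint($ua, $bindId ? $id : null);

    $id = rotate($store, $id);               // new id on the next page load
    $ok = check($store, $id, $ua, $bindId);  // same browser, same user

    printf("hash includes session id: %-5s -> after rotation: %s\n",
        var_export($bindId, true), $ok ? 'valid' : 'flagged as hijacked');
}
```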