[nycphp-talk] Experts help needed (Sessions)
Joseph Crawford
codebowl at gmail.com
Thu Aug 11 12:56:30 EDT 2005
I understand what you are saying about if a user's UA doesn't change often
then all of a sudden there is a change, this is not normal so I should
enforce the check. However, for the users whose UA for whatever reason
changes frequently, what else could I check? Their IP may change frequently
as well so I cannot base the second check on that alone. Maybe I should
integrate the IP checking in with the UA checking, and if their UA changes
frequently but their IP does not, check the IP; if changed, that's not
normal, show the login. However, what if it is an AOL user tunneling in
through a proxy and for whatever reason their UA changes frequently? Their
IP could change from page to page as AOL tunnels through proxies.
I guess I need to know what to do if the user's UA and IP both change
frequently. Should I just ignore them and hope they don't have their session
hijacked? I understand what I am implementing should secure at least 90% of
users, but what about the other 10%?
--
Joseph Crawford Jr.
Codebowl Solutions, Inc.
1-802-671-2021
codebowl at gmail.com
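
The combined UA/IP check described in the message above, written out as an added example (not code from the original post or from anyone on the list). The function name, the state keys and the VOLATILE_AFTER threshold are hypothetical, and the sketch assumes the per-user history is stored server-side and survives a forced re-login.

```php
<?php
// Added example. All names and the threshold are hypothetical.
const VOLATILE_AFTER = 3; // assumed: changes seen before a value counts as "changes frequently"

// $state is server-side history for one user; it must survive a forced re-login.
function check_fingerprint(array &$state, string $ua, string $ip): string
{
    if (!isset($state['ua'])) { // first request: record the baseline
        $state = ['ua' => $ua, 'ip' => $ip, 'ua_changes' => 0, 'ip_changes' => 0];
        return 'ok';
    }
    $uaChanged  = $state['ua'] !== $ua;
    $ipChanged  = $state['ip'] !== $ip;
    // Volatility is judged on the history before this request.
    $uaVolatile = $state['ua_changes'] >= VOLATILE_AFTER;
    $ipVolatile = $state['ip_changes'] >= VOLATILE_AFTER;

    if ($uaChanged && !$uaVolatile) {
        $verdict = 'login';      // UA was stable and suddenly changed
    } elseif ($uaVolatile && $ipVolatile) {
        $verdict = 'no_signal';  // both change frequently: the case the message leaves open
    } elseif ($uaVolatile && $ipChanged) {
        $verdict = 'login';      // UA is unreliable, but the stable IP changed
    } else {
        $verdict = 'ok';
    }
    // Record the change so repeated changes eventually mark the value volatile.
    $state['ua_changes'] += (int) $uaChanged;
    $state['ip_changes'] += (int) $ipChanged;
    $state['ua'] = $ua;
    $state['ip'] = $ip;
    return $verdict;
}

// Constructed sample requests (documentation IP ranges, made-up UA strings).
$requests = [
    ['UA-A', '192.0.2.10'],
    ['UA-A', '198.51.100.7'],  // IP changed, UA stable
    ['UA-B', '198.51.100.7'],  // stable UA changed
];
$state = [];
foreach ($requests as [$ua, $ip]) {
    echo check_fingerprint($state, $ua, $ip), "\n";
}
```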