[CLUE-Tech] PHP and Session Cookies

grant grant at amadensor.com
Fri Oct 25 15:43:52 MDT 2002


One thing you can do is get all of your vars from $HTTP_POST_VARS if they
should have been POSTed.  This will prevent URL sneakiness, and you will
not have to look at the method.  There is an option for making the session
stuff go on the URL, but it is in the php.ini file, as far as I know.  My
stuff, I just use the cookie, but I set them to never write to disk.  I
only expect them to keep it in memory.  If they are entering any data that
would require a login, but do not trust you enough to allow you to drop a
cookie, this is a weird situation.

Answer:  Go with the cookie, and use HTTP_GET_VARS and HTTP_POST_VARS to
decipher where the entries came from.  I can still fake a post as well as
a GET, so it isn't really more secure.  POSTs only just prevent bookmarks.
You should be checking the session every time around anyway.

______________________________________________________________________________

                          Your mouse has moved.
       You must restart Windows for your changes to take effect.

#!/usr/bin/perl
print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);
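
An added example, not part of the original message: one way to apply the advice above in current PHP, where $_POST replaces the long-removed $HTTP_POST_VARS. The session ID travels only in a cookie with lifetime 0, form input is read only from the POST body, and the session is checked on every request. The names require_login(), post_field(), the 'user_id' session key and the 'comment' field are hypothetical.

```php
<?php
// Added example; require_login(), post_field(), 'user_id' and 'comment'
// are hypothetical names, not from the original message.

// Keep the session ID in a cookie only, never in the URL. These are the
// php.ini options session.use_only_cookies and session.use_trans_sid.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

// Lifetime 0 makes it a session cookie: it has no expiry date and the
// browser discards it when it closes.
session_set_cookie_params(0);
session_start();

// Check the session on every request, whatever the HTTP method was.
// A POST can be forged as easily as a GET, so the method proves nothing.
function require_login(): int
{
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
    return (int) $_SESSION['user_id'];
}

// Read a field only from the POST body. A parameter of the same name
// in the query string is ignored, which stops URL-supplied values.
function post_field(string $name): ?string
{
    $method = $_SERVER['REQUEST_METHOD'] ?? '';
    if ($method !== 'POST' || !isset($_POST[$name]) || !is_string($_POST[$name])) {
        return null;
    }
    return trim($_POST[$name]);
}

$userId  = require_login();
$comment = post_field('comment');
if ($comment === null) {
    http_response_code(405);
    header('Allow: POST');
    exit('This form must be submitted with POST');
}

// Escape on output; the value is still untrusted user input.
echo 'Saved comment for user ', $userId, ': ',
     htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
```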




