#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Location
    france
    Posts
    35
    Rep Power
    14
    suppose I've got this function on topof each page that tests a session variable $userid and kicks the user out if he's not identified...

    Isn't there a risk that entering ?userid=... in the URL might authenticate the user even though he isn't logged ?

    (my question is : do URL variables overwrite session variables...)

    -
    J0f
  2. #2
  3. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2000
    Location
    Bucharest, Romania
    Posts
    18
    Rep Power
    0
    There is one thing I know for sure, because I tested it: session variables overwrite post variables. So, I am almost sure they overwrite get variables, too.
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Posts
    2
    Rep Power
    0
    When you install PHP and you're using PWS as your server, the default location for saving session data is the /tmp directory.

    Where's this directory supposed to be located at? Is it relative to the PHP executable, or the wwwroot directory, or in your win98 directory?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2000
    Location
    france
    Posts
    35
    Rep Power
    14
    It's hosted by a public provider in France (I'm a froggie ) so I don't know much about his settings...

    Thanks anyway folks !

Similar Threads

  1. php sessions and security problems.
    By mochico in forum PHP Development
    Replies: 7
    Last Post: February 18th, 2004, 03:51 PM
  2. How to implement a security sub-system?
    By simplesimple in forum Beginner Programming
    Replies: 2
    Last Post: January 24th, 2004, 04:33 PM
  3. Why do sessions dissappear when entering a ssl webpage
    By cuboctahedron in forum PHP Development
    Replies: 3
    Last Post: July 2nd, 2003, 08:43 PM
  4. multipage form: sessions or hidden fields?
    By Ssy in forum PHP Development
    Replies: 7
    Last Post: June 24th, 2003, 10:20 AM
  5. sessions save path
    By sharky121 in forum PHP Development
    Replies: 5
    Last Post: March 25th, 2003, 11:50 PM

IMN logo majestic logo threadwatch logo seochat tools logo