Re: How to build a web application the right way
- From: larry@xxxxxxxxxxxxxxxxx
- Date: 29 Dec 2006 15:07:41 -0800
On Dec 29, 6:26 am, Vincent Delporte <just...@xxxxxxxx> wrote:
> On 28 Dec 2006 12:06:53 -0800, "Anthony Smith" <mrsmi...@xxxxxxxxxxx>
> wrote:
>> there a best practice for this. Currently what I do is have each page
>> include a check session include file.
> From what I read, this is how it should be done. Put the check in a
> file, and include it first thing in all the pages.
And to take it to the next step you include their remote address as
part of their session check (md5 with IP and user name or something to
mix it up) so if someone were to intercept your session and try to take
over, the change in client IP (during the session) would void the
access.

Another thing would be to put a time limit on the current session
access (a session var with expiration time) so if some bad guy got in
from a user abandoning a terminal with a live connection it would time
out regardless. (Or/also maybe have a re-verification for
sensitive/delete/admin parts just to make sure.) Just depends on how
paranoid you want to be.
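
The check-session include described in this post, written out in PHP as an added example that is not part of the original message. The function names, `SESSION_LIFETIME`, the key and the sample values are assumptions, and HMAC-SHA256 stands in for the md5 mix the post mentions.

```php
<?php
// check_session.php: added illustration, not code from the thread.
// SESSION_LIFETIME and all function names below are hypothetical.

const SESSION_LIFETIME = 900; // seconds a login stays usable (assumed value)

// Tie the session to the user name and client address. The post mentions
// md5; HMAC-SHA256 with a server-side key is swapped in here.
function session_fingerprint(string $user, string $ip, string $key): string
{
    return hash_hmac('sha256', $user . '|' . $ip, $key);
}

// Values to store in $_SESSION once the login has succeeded.
function session_record(string $user, string $ip, string $key, int $now): array
{
    return [
        'user'        => $user,
        'fingerprint' => session_fingerprint($user, $ip, $key),
        'expires'     => $now + SESSION_LIFETIME,
    ];
}

// True only if the session exists, has not expired, and still comes from
// the address it was created for.
function session_is_valid(array $session, string $ip, string $key, int $now): bool
{
    if (!isset($session['user'], $session['fingerprint'], $session['expires'])) {
        return false; // no login recorded
    }
    if ($now >= $session['expires']) {
        return false; // abandoned terminal: times out regardless
    }
    $expected = session_fingerprint($session['user'], $ip, $key);
    return hash_equals($expected, $session['fingerprint']);
}

// Constructed demo values (documentation IP ranges, fixed clock).
$key     = 'constructed-demo-key';
$session = session_record('alice', '192.0.2.10', $key, 1000);

var_dump(session_is_valid($session, '192.0.2.10', $key, 1100));   // same client
var_dump(session_is_valid($session, '198.51.100.7', $key, 1100)); // IP changed
var_dump(session_is_valid($session, '192.0.2.10', $key, 1900));   // past expiry
```

In a page, the include would call `session_start()`, pass `$_SESSION`, `$_SERVER['REMOTE_ADDR']` and `time()` to `session_is_valid()`, and destroy the session when it returns false. Clients whose address changes mid-session (mobile networks, proxy pools) will be logged out by the address check.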