Professional Web Applications Themes
  1. #1

    Default can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?



    Sponsored Links
    NotGiven Guest

  2. #2

    Default Re: can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?


    "NotGiven" <nonamenonegiven.net> wrote...
    : [nothing]

    1. don't post your entire question in the subject line
    2. don't multipost
    3. You can encrypt session vars with an md5() hash, for example. This will
    make spoofing a lot more difficult.


    ..soma


    somaBoy MX Guest

  3. #3

    Default Re: can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?

    Hi!

    On Thu, 20 Nov 2003 00:02:25 +0100, "somaBoy MX" <nonenonesuch.net>
    wrote:
    >3. You can encrypt session vars with an md5() hash, for example. This will
    >make spoofing a lot more difficult.
    I think its not necessary, as only already md5'ed session id gets
    transported.

    HTH, Jochen
    --
    Jochen Daum - CANS Ltd.
    PHP DB Edit Toolkit -- PHP scripts for building
    database editing interfaces.
    [url]http://sourceforge.net/projects/phpdbedittk/[/url]
    Jochen Daum Guest

  4. #4

    Default Re: can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?

    On Wed, 19 Nov 2003 13:10:21 -0500, "NotGiven" <nonamenonegiven.net>
    wrote:>

    Use $_SESSION["HTTP_REFERER"]

    The above server variable will tell you the page they arrived from.
    You commonly use it in a script page to return to the form that
    submitted towards it.



    kafooey
    - [email]kafooeynospam.yahoo.co.uk[/email]
    - [url]http://www.pluggedout.com/blog[/url]
    kafooey Guest

  5. #5

    Default Re: can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?

    Hi,
    > 1. don't post your entire question in the subject line
    > 2. don't multipost
    > 3. You can encrypt session vars with an md5() hash, for example. This will
    > make spoofing a lot more difficult.
    I agree, but to answer the question: yes you could use sessions to check if
    a page was previously viewed. You could on one page initialize the session,
    on the next page (the one that should be viewed before going on) set a var
    in the session:

    $_SESSION['pageviewed'] = true;

    And on the third page you could check if this var is set:

    if ($_SESSION['pageviewed']!=true) { die("Cheater!"); }

    Remember you have to do a session_start on every page you use a session and
    it should be done before any output is send to the browser.

    Bye,
    Jonathan


    Jonathan Guest

Similar Threads

  1. Remembering user's answers using sessions
    By JasonBarr in forum Macromedia ColdFusion
    Replies: 0
    Last Post: February 18th, 05:32 PM
  2. Terminal Server Printers on all user's sessions
    By Matt in forum Windows Server
    Replies: 0
    Last Post: June 18th, 03:08 PM
  3. CGI::Sessions : Deleting expired sessions
    By Vito Corleone in forum PERL Modules
    Replies: 1
    Last Post: June 15th, 02:49 PM
  4. Multiple Sessions on a Page
    By Nitin in forum ASP.NET Security
    Replies: 0
    Last Post: December 24th, 07:59 AM
  5. Database sessions and file sessions
    By Cditty in forum PHP Development
    Replies: 1
    Last Post: September 9th, 01:34 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139