If a client loads the website, they will be randomly assigned a 32-byte session id. This id is unique. Now, let's say they log in to the website. If their username is unique, could it not be used as their session id?
No, because it is theoretically possible their username could be 32 bytes in length, and that the php session management routines could randomly generate an exact match. I think.
en.WN
Just this goy...
Blog roll
-
-
Review: In My Father's Country12 years ago
-
A piece of cake13 years ago
Blog Archive
-
▼
2002
(134)
-
▼
September
(25)
- Learning about classes this morning, and all kinds...
- Okay... I'm still down with this virus, which is r...
- Although rather under the weather, I did manage to...
- Need to dig into set_block.inc.php today. Then fin...
- Trying to dig into the mainfile... working on the ...
- Despite the distractions (going to the YMCA, etc.)...
- Okay, this morning I'm trying to re-build the them...
- I should mention what I did, though... I decided ...
- Wow! a great break-thru session of coding, about 3...
- I think I'm here... Codito Ergo Sum?
- I also learned how to explode blogger.com... turn ...
- Now then... I've successfully: created sessionsreg...
- Okay, I can deal with using the ugly 40-some byte ...
- If a client loads the website, they will be random...
- Let me see if my logic is going okay tonite...
- Thank you aaaaannnnnnd, good nite.
- Okay...added "Welcome user/guest" script to the he...
- Yep, site is there. Cute, too.
- Cool! the new host is apparently online. And soon,...
- Fine. I'm back home, after a rather wasted day in ...
- Okay, this was interesting. Not. Kept getting err...
- Okay, weird problems attempting to install phpws o...
- Unfortunately, that's about all I *did* get to wor...
- WooHoo!! (dancing the "I'm-so-cool" dance 'cuz I g...
- And a bright and cheery morning to you, too!
-
▼
September
(25)
About Me
- Amgine
- Owned by Njørđson, a Cape Dory 25D.
No comments:
Post a Comment