PEAK XOOPS - Re: Session Management 
Re: Session Management
Re: Session Management
msg# 1.1.1.2
- depth:
- 3
Previous post
-
Next post
|
Parent
-
No child
|
Posted on 2007/7/8 17:46
GIJOE
Posts: 4110
Posts: 4110
Quote:You should check the session of XOOPS.
At least, The verion of core 2.0.16 from xoops.org never creates a new session record on loggin-in.
(Same session id)
However, 2.0.16aJP from xoopscube.org regenerates the session id on loggin-in.
This is a code for preventing "session fixation".
(Of course, 2.1 Legacy does the same behavior)
(I think xoopscube's way is better than xoops's way)
Protector just checks session-hijacking from the other IP(range) for some groups like "administrators".
bills wrotes:
When a user connects to Xoops, a new record is placed into the (xoops_)session table in the Xoops database. When a user logs in, a second record is entered into the session table.
At least, The verion of core 2.0.16 from xoops.org never creates a new session record on loggin-in.
(Same session id)
However, 2.0.16aJP from xoopscube.org regenerates the session id on loggin-in.
This is a code for preventing "session fixation".
(Of course, 2.1 Legacy does the same behavior)
(I think xoopscube's way is better than xoops's way)
Protector just checks session-hijacking from the other IP(range) for some groups like "administrators".
Votes:0
Average:0.00
Posts tree
-
Session Management
(bills, 2007/7/7 1:02)
-
Re: Session Management
(GIJOE, 2007/7/7 3:37)
-
Re: Session Management
(bills, 2007/7/7 4:54)
-
Re: Session Management
(gigamaster, 2007/7/8 3:14)
-
Re: Session Management
(GIJOE, 2007/7/8 17:46)
-
-
-
Login