[FX.php List] [OFF] Theory of managing sessions
Jonathan Schwartz
jschwartz at exit445.com
Tue Nov 20 12:15:09 MST 2007
Something is very wrong here.
I can't get a session to destroy, even using the session_destroy() command.
For reference, I am using SID in the URL. Cookies are turned off.
As a test, I copy the URL. I run session_destroy(). I quit Safari.
I restart Safari. I paste the UR back into Safari. It still works,
displaying data from the session!
What's the deal?
Thx.
Jonathan
At 7:38 AM -0800 11/20/07, Lindal, Mark wrote:
>re: Session and security
>This is now the area that I am working on with my solution.
>
>On my last page, I added these two lines of code so there is no caching of
>the pages:
>
>header('Cache-Control: no-cache');
>header('Pragma: no-cache');
>
>I believe this is to prevent caching of pages to prevent people from going
>back a page in the history and retrieving data.
>
>------------------------------
>Mark Lindal
>mlindal at nrcan.gc.ca
>250-363-0603
>
>
>
>_______________________________________________
>FX.php_List mailing list
>FX.php_List at mail.iviking.org
>http://www.iviking.org/mailman/listinfo/fx.php_list
--
Jonathan Schwartz
Exit 445 Group
jonathan at exit445.com
http://www.exit445.com
415-381-1852
More information about the FX.php_List
mailing list