By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,953 Members | 1,143 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,953 IT Pros & Developers. It's quick & easy.

can you use sessions to ensure the user visited a previous page? can a sessions be easily spoofed?

P: n/a


Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a

"NotGiven" <no****@nonegiven.net> wrote...
: [nothing]

1. don't post your entire question in the subject line
2. don't multipost
3. You can encrypt session vars with an md5() hash, for example. This will
make spoofing a lot more difficult.
..soma
Jul 17 '05 #2

P: n/a
Hi!

On Thu, 20 Nov 2003 00:02:25 +0100, "somaBoy MX" <no**@nonesuch.net>
wrote:
3. You can encrypt session vars with an md5() hash, for example. This will
make spoofing a lot more difficult.


I think its not necessary, as only already md5'ed session id gets
transported.

HTH, Jochen
--
Jochen Daum - CANS Ltd.
PHP DB Edit Toolkit -- PHP scripts for building
database editing interfaces.
http://sourceforge.net/projects/phpdbedittk/
Jul 17 '05 #3

P: n/a
On Wed, 19 Nov 2003 13:10:21 -0500, "NotGiven" <no****@nonegiven.net>
wrote:>

Use $_SESSION["HTTP_REFERER"]

The above server variable will tell you the page they arrived from.
You commonly use it in a script page to return to the form that
submitted towards it.

kafooey
- ka*****@nospam.yahoo.co.uk
- http://www.pluggedout.com/blog
Jul 17 '05 #4

P: n/a
Hi,
1. don't post your entire question in the subject line
2. don't multipost
3. You can encrypt session vars with an md5() hash, for example. This will
make spoofing a lot more difficult.


I agree, but to answer the question: yes you could use sessions to check if
a page was previously viewed. You could on one page initialize the session,
on the next page (the one that should be viewed before going on) set a var
in the session:

$_SESSION['pageviewed'] = true;

And on the third page you could check if this var is set:

if ($_SESSION['pageviewed']!=true) { die("Cheater!"); }

Remember you have to do a session_start on every page you use a session and
it should be done before any output is send to the browser.

Bye,
Jonathan
Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.