My 8th Custom Session Class Revision

65 New Member
Hello everyone, this is my first time asking a question in the PHP forum (as I in general am much more experienced in it) instead of where I usually troll around on the JavaScript one.

I am pretty sure this does exactly as I have intended it to do... Control a session...
This script has no errors (I'm pretty sure).

But I just wanted to know if anyone can find a way to "hijack" a session without being on a computer under the same IP address. (Which is possible mostly if that user has cookies disabled, and that user copies the $_GET variable: SID. Whereas you should not be able to do that if the user has cookies enabled, without manually adding/editing your session cookie)

The ONLY way to steal someone's session should be if you're on a computer under the same IP address as that someone.

Note that I haven't added anything to set a user's cookies, this will be added later.

Thanks to everyone who is willing to double-check my code. :)

<code removed as per the posting guidelines>
Aug 11 '08 #1
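
An added example, not the poster's removed code: a minimal PHP sketch of the IP binding described in the post above, with URL-carried session IDs disabled so that a copied SID parameter is ignored. The function name `start_bound_session` and the `bound_ip` session key are hypothetical.

```php
<?php
// Added illustration; start_bound_session() and 'bound_ip' are hypothetical names.
declare(strict_types=1);

function start_bound_session(string $clientIp): void
{
    // Take the session ID from the cookie only, so an SID copied out of a URL is ignored.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that the server did not generate itself.
    ini_set('session.use_strict_mode', '1');
    // Keep the session cookie out of reach of page scripts.
    ini_set('session.cookie_httponly', '1');

    session_start();

    if (!isset($_SESSION['bound_ip'])) {
        // First request of this session: issue a fresh ID and record the address.
        session_regenerate_id(true);
        $_SESSION['bound_ip'] = $clientIp;
        return;
    }

    if (!hash_equals($_SESSION['bound_ip'], $clientIp)) {
        // Known ID presented from a different address: drop the stored data
        // and continue under a new, empty session bound to the new address.
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['bound_ip'] = $clientIp;
    }
}

// REMOTE_ADDR is absent when run from the command line, hence the fallback.
start_bound_session($_SERVER['REMOTE_ADDR'] ?? '');
```

Users behind one NAT or proxy share an address, so this check narrows the hijacking window rather than closing it, and a client whose address changes mid-session starts over with an empty session.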
moltendorf
65 New Member
Alright, well, looks like I can't edit my original post, so eh...

Just understand that I threw that up there the moment I finished the majority of the code.

It didn't work (as expected), but now I have a fully functioning one. So just understand that my current version of the code is like that, but working.
Aug 12 '08 #2
Banfa
9,065 Recognized Expert Moderator Expert
While I understand the sort of euphoria you get when you finally complete a large project/hit a major milestone please bear in mind that our Posting Guidelines contain specific guidelines about posting source code, particularly the source code to course work and stipulate that you may not post the complete source.

I suggest you take a few minutes to read over those guidelines.

Banfa
Administrator
Aug 12 '08 #3
moltendorf
65 New Member
Well, I read through them carefully (again), and this is the only thing I have come across:
Do NOT post your complete source code. Remember, you found this site, so can your professors and tutors and they are likely to take a dim view if you hand in something that appears to be copied from this site. In most academic institutes the minimum response to copying of assignments is a 0 mark for the assignment in question. If you post your entire code your professor will not know it was your work, you may be penalised for copying from yourself.
And well, I thought that I wasn't in any kind of school, or institution, but was rather doing this work on my own terms. So I thought I would ask if anyone thought it was acceptable as a session class.

Yes, this is the full source code for that, but if you saw, there are various references to other classes in other documents I have not included in this page, some of which are much larger. This is only one small dink in my whole program I am developing at the moment.

I guess this just looks like a much more serious form of complete source code that must have been done for coursework rather than for fun like my other posts that looked more like they were for fun such as my shinylink JavaScript?
Aug 12 '08 #4
Stewart Ross
2,545 Recognized Expert Moderator Specialist
Hiya moltendorf. This ain't my forum (I'm away from my Access home) but your reply has caught my eye...

Your original source code was around 80 lines long, and we can't easily review lengthy code submissions. As the guidelines you quote say we cannot show code solutions for courseworks. Anyone can read them, and anyone who copies can end up in serious trouble with their home institution for doing so. In a previous role I chaired disciplinary hearings for students who plagiarised work, so please understand that it is a VERY serious charge to have to face. We cannot in any way encourage the posting of complete solutions that would allow others to copy work.

If you are studying on your own rather than with an institution of some kind we have no way of knowing, so kicking back at our response to you is not going to help.

As I say, not my forum or thread - but the tone of your response caught my eye. All of us who post on this site do so voluntarily to try to help others - please do not be offended if we have to make decisions you don't like. We will not be able to please all posters all of the time...

-Stewart
Aug 12 '08 #5
moltendorf
65 New Member
Well, I can understand that, Stewart, but I didn't think of that as I (in general) have always taught myself, and never have thought of school as a place for help, but that's just my personal little tidbit.

A general do not post full source code with no ifs or buts in the guidelines would have steered me away from posting it. (although, it had several parse errors, and problematic bugs, since I wrote it, and did not give it a few test runs before I posted it here)

I guess in general, if I need to give someone the full documentation of the source code, I will have a sort of file browser to look through each huge file on my site in the future (it already exists, but was broken with the recent jump to PHP5).

All I was asking here was someone tell me if it is a good form of security when it comes to that.

One final note. :)
If I ever sound intense or angry in my responses, do not take it in that form, I tend to have that tone when expressing why I did something. So, sorry on that part. I replied in a sense, so I don't lose any "brownie points" for what was an accidental mistake.

If I ever am truly pissed off, I will use ALL CAPS, and on that note will probably be banned from X forum on X date I posted X post (which I assure you, I have never done anywhere except for usually one line in an instant messenger program when I'm instructing someone through editing the registry in Windows and could nearly break their copy of Windows) :)
Aug 13 '08 #6
