Code Forums - View Single Post - Keeping sessions unique when someone links with SESSID?

idx · 02-13-2005, 09:44 AM

Although someone with nefarious intentions can always fake a referrer. I think the search engine check is good, but that keeps the honest spiders, honest.

Comparing the value of a hashed _something_ on each page seems like a good thing to have. Going further with a request token (as the php security page mentions) is also good, but takes more work.

-r

02-13-2005, 09:44 AM	#19 (permalink)
idx Senior Grasshopper Join Date: Jun 2003 Location: FL Posts: 317	Although someone with nefarious intentions can always fake a referrer. I think the search engine check is good, but that keeps the honest spiders, honest. Comparing the value of a hashed _something_ on each page seems like a good thing to have. Going further with a request token (as the php security page mentions) is also good, but takes more work. -r