#1

> Hi,
>
> I just wonder what is the use of LiveUser::setExternalValues() and
> LiveUser::externalValuesMatch() ?
>
> I can not understand from the doc comments.
>
> Thanks.
>
> Regards,
> Matthias

Hi Matthias,

this is a way to hinder/complicate session hijacking. You can define any kind of values like the user's ip address, user agent, charset whatever. This will be stored in the session on successful login and then validated with the current values on each page request. When the values that were stored on login do not match with the current values, the user will be denied access.

You can define it in the config for the auth container like this:

    'externalValues' => array('values' => $_SERVER, // any kind of array
                              'keysToCheck' => array('HTTP_USER_AGENT')) // keys existent in the array from above

This means the user agent will be compared to the value in $_SERVER on each page request after the login.

You don't need to rely on $_SERVER, you can also use values of your own.

Best regards,
Torsten
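A standalone PHP sketch of the store-at-login, compare-on-each-request check described in the reply above. It is an added example, not LiveUser's code and not part of the original post; the function names, the `external_values` session key and the sample request arrays are assumptions made for illustration.

```php
<?php
// Added illustration, not LiveUser source; all function names are hypothetical.

// Copy only the configured keys. A key missing from $values is recorded as null.
function pick_values(array $values, array $keysToCheck): array
{
    $picked = [];
    foreach ($keysToCheck as $key) {
        $picked[$key] = $values[$key] ?? null;
    }
    return $picked;
}

// Call once after a successful login: remember the chosen values in the session.
function store_external_values(array &$session, array $values, array $keysToCheck): void
{
    $session['external_values'] = pick_values($values, $keysToCheck);
}

// Call on every later request: true only if every checked key is unchanged.
function external_values_match(array $session, array $values, array $keysToCheck): bool
{
    if (!isset($session['external_values'])) {
        return false; // nothing stored at login: fail closed
    }
    $stored = $session['external_values'];
    foreach (pick_values($values, $keysToCheck) as $key => $current) {
        if (!array_key_exists($key, $stored) || $stored[$key] !== $current) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: $session stands in for $_SESSION, the others for $_SERVER.
$session = [];
$keys    = ['HTTP_USER_AGENT'];
$login   = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '192.0.2.10'];
$sameUa  = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '198.51.100.7'];
$otherUa = ['HTTP_USER_AGENT' => 'OtherClient/2.0',    'REMOTE_ADDR' => '192.0.2.10'];

store_external_values($session, $login, $keys);
foreach (['same agent, new IP' => $sameUa, 'different agent' => $otherUa] as $label => $request) {
    $ok = external_values_match($session, $request, $keys);
    echo $label, ': ', $ok ? 'allow' : 'deny and end the session', "\n";
}
```

Because `REMOTE_ADDR` is not among the checked keys here, the request from a new address is still accepted; only the changed user agent is refused.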
#2

roehr@zilleon.com wrote:
>> Hi,
>>
>> I just wonder what is the use of LiveUser::setExternalValues() and
>> LiveUser::externalValuesMatch() ?
>>
>> I can not understand from the doc comments.
>>
>> Thanks.
>>
>> Regards,
>> Matthias
>
> Hi Matthias,
>
> this is a way to hinder/complicate session hijacking. You can define any kind of values like the user's ip address, user agent, charset whatever. This will be stored in the session on successful login and then validated with the current values on each page request. When the values that were stored on login do not match with the current values, the user will be denied access.
>
> You can define it in the config for the auth container like this:
> 'externalValues' => array('values' => $_SERVER, // any kind of array
> 'keysToCheck' => array('HTTP_USER_AGENT')) // keys existent in the array from above
>
> This means the user agent will be compared to the value in $_SERVER on each page request after the login.
>
> You don't need to rely on $_SERVER, you can also use values of your own.
>

Ahh, thanks for making this clear to me. :-)

Sounds like a useful feature.

Regards,
Matthias
Similar Threads

| Thread | Thread Starter | Forum | Replies | Last Post |
| LiveUser externalValues? | Matthias Nothhaft | Pear | 2 | 05-27-2007 7:46 PM |