1
techmob
PHPSESSID , causes people to take over accounts
  • 2006/1/13 18:52

  • techmob

  • Just popping in

  • Posts: 34

  • Since: 2005/3/4 2


I did something a while back, can't remember what, but it removed PHPSESSID from the URLs, so when someone posted a link from the site, it wouldn't let people take over their account.

But one user, when viewing links on the site, always has that PHPSESSID with the URL, and he posted a link to someone who then gained access to his account through that link.

How can I remove it completely so no one runs the risk of getting their account taken over when posting links from the site?

the site is using

Powered by XOOPS 2.0.9.2 © 2001-2003

2
jdseymour
Re: PHPSESSID , causes people to take over accounts

For one, update to the latest 2.0.13.2 XOOPS version; then, if you have access to php.ini, disable the session id there.

3
techmob
Re: PHPSESSID , causes people to take over accounts
  • 2006/1/13 19:25

  • techmob

  • Just popping in

  • Posts: 34

  • Since: 2005/3/4 2


I am using that autologin hack, and also, would updating affect the autologin hack and my skin?

Any big changes that would affect a skin that works with an earlier version?

cheers

4
m0nty
Re: PHPSESSID , causes people to take over accounts
  • 2006/1/13 21:14

  • m0nty

  • XOOPS is my life!

  • Posts: 3337

  • Since: 2003/10/24


It's a server-side issue. If you can use htaccess or have access to php.ini, then you can use:

htaccess method:

php_flag session.use_trans_sid off
php_flag session.use_only_cookies on

trans_sid off is the main thing, but use_only_cookies on will add a bit of security too.

for php.ini:

session.use_trans_sid = 0
session.use_only_cookies = 1
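
One way to confirm that the settings above actually took effect for the site (an added example, not part of the original thread and not XOOPS code; the file name `session_check.php` and the function names are hypothetical). The `php_flag` lines only apply when PHP runs as an Apache module, so checking the effective values from inside a request is more reliable than reading the config files.

```php
<?php
// session_check.php (hypothetical name): added example, not XOOPS code.
// Place it in the same directory as the site so it sees the .htaccess and
// php.ini values that apply to real requests, then remove it after checking.

// The two settings from the thread and the value each one must have.
$required = [
    'session.use_trans_sid'    => false, // never rewrite links to carry the session ID
    'session.use_only_cookies' => true,  // never accept a session ID from the URL
];

// ini_get() returns strings such as "1", "0", "On", "Off" or "";
// normalise them to a real boolean before comparing.
function ini_bool($key)
{
    return filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN);
}

// Returns a list of human-readable problems; an empty list means the
// session ID is confined to the cookie.
function audit_session_config(array $required)
{
    $problems = [];
    foreach ($required as $key => $want) {
        if (ini_bool($key) !== $want) {
            $problems[] = sprintf(
                '%s is %s, expected %s',
                $key,
                var_export(ini_get($key), true),
                $want ? 'on' : 'off'
            );
        }
    }
    // A session ID in the query string means some link still carries one
    // (an old bookmark, a pasted forum link, or URL rewriting still active).
    if (isset($_GET[session_name()])) {
        $problems[] = 'request URL contains ' . session_name();
    }
    return $problems;
}

$problems = audit_session_config($required);
header('Content-Type: text/plain');
echo $problems
    ? "FAIL\n" . implode("\n", $problems) . "\n"
    : "OK: session ID is cookie-only\n";
```

Requesting the script with and without `?PHPSESSID=test` appended shows whether a session ID in the URL is still being noticed on that host.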
