You can limit a domain:
setcookie("cookie_name","cookie_value","abc.com");
Setting cookies for a different site?
Moderator: General Moderators
-
Mad0Driver
- Forum Newbie
- Posts: 10
- Joined: Tue Jan 30, 2007 4:00 pm
Okay, please correct me if i'm wrong- but this is what i need to do (I think).
I need to add an additional column to one of the phpbb tables, and i need to have the login function set $xvariable, which needs to be a radomly generated # with an expiration date of ~10-15 seconds.
I beleive that phpbb uses $user_ip to get the users IP address and then hashes it, i would need to create a script that verified the persons ip address where $xvariable (from the URL) = $xvariable (from the db).
If so, i could then continue on with the rest of the normal scripts for obtaining the user information, etc. My one last question is about phpbb, if i want the cookies to show up, i need to install phpbb to secureexample.com, correct? i dont want to because that would mean that all forum info would be on the secrue server as well.
Thanks,
Austin
I need to add an additional column to one of the phpbb tables, and i need to have the login function set $xvariable, which needs to be a radomly generated # with an expiration date of ~10-15 seconds.
I beleive that phpbb uses $user_ip to get the users IP address and then hashes it, i would need to create a script that verified the persons ip address where $xvariable (from the URL) = $xvariable (from the db).
If so, i could then continue on with the rest of the normal scripts for obtaining the user information, etc. My one last question is about phpbb, if i want the cookies to show up, i need to install phpbb to secureexample.com, correct? i dont want to because that would mean that all forum info would be on the secrue server as well.
Thanks,
Austin
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
-
Mad0Driver
- Forum Newbie
- Posts: 10
- Joined: Tue Jan 30, 2007 4:00 pm
I had an additional thought. I have been working on this and i was wondering-
When i sign in, the first page i'm redirected to has me as "logged in" and there is a sessid in the URL. Could i simply query the URL for the info and then store that into a cookie? Is there a chance that someone else could interfere with an immediate redirection? if they immediately went to page x that got the value of the sessid in the url and then got the other information, then redirected me to page y, would that be okay?
Thanks
When i sign in, the first page i'm redirected to has me as "logged in" and there is a sessid in the URL. Could i simply query the URL for the info and then store that into a cookie? Is there a chance that someone else could interfere with an immediate redirection? if they immediately went to page x that got the value of the sessid in the url and then got the other information, then redirected me to page y, would that be okay?
Thanks