Security Question
Andreas Ebinger
ebinger@uni-hohenheim.de
Tue, 24 Oct 2000 09:12:20 +0200 (CEST)
Hi,
while reading through this I have another question
>> I took this at face value previously but after user complaints I've found
>> that this doesn't seem to work very well. First of all, even going
>> through phplibs documentation did not help me understand the difference
>> between "session cookies" and the cookie you get if you set lifetime>0 in
>> local.inc. Is it just that the lifetime=0 cookie is never written to disk
>> or is there another difference as well?
>lifetime=0 means the cookie is not written to disk, and lasts as long as the
>browser instance.
(my configuration: horde-imp 2.2.3,apache-1.3.12,mysql-3.22.32,php-4.0.3.p1,
lifetime=0)
If I login with cookies, then save the Url(bookmark), close netscape, start
netscape again ,turn the cookies off and go to the bookmark,
then I am logged in on my account.
(if I leave cookies on, I will be asked for the password/I have to log in again)
And I think if you turn off cookies all the time, I will get the same results.
When will the session be cancelled if you turn cookies off ?
If I want to keep the lifetime=0, can I do anything against that ?
And if I change lifetime to a different value, do I have to turn cookies on ?
Andreas
Andreas Ebinger
Rechenzentrum Uni Hohenheim
ebinger@uni-hohenheim.de
Telefon: 0711/459-3948