[imp] admins and horde

Jan Schneider jan@horde.org
Tue, 30 Oct 2001 10:24:06 +0100

Previous message: [imp] admins and horde
Next message: [imp] admins and horde
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zitat von M Z Rahman <zrahman@partex.net>:

> Quoting Chuck Hagenbuch <chuck@horde.org>:
> > 
> > Because active_sessions is how database-backed sessions in phplib work.
> We
> > use
> > PHP4 sessions, which are _far_ less buggy and better in pretty much every
> > way.
> > They also don't require you to have a database in order to have
> > functionality
> > that works.
> > 
> > -chuck
> > 
> 
> Hmm, as I know very little about PHP4 sessions, I will ask some dumb
> questions:
> can this PHP4 sessions be utilised to get how many users are logged in? If
> so,
> where are they stored and do they contain enough information to track down
> the
> user, or can they modified to do that?

Depends on how you configured php to handle sessions. If you have a file or a 
sql handler you can parse the stored session information for horde specific 
strings like 'pref_cache'.

But once again: This is not secure! Strings stored by Horde may change, other 
php scripts may store the same string, a user may have multiple sessions at 
once, you don't know if a session still is used or just not yet garbage 
collected....

Jan.

:::::::::::::::::::::::::::::::::::::::: 
AMMMa AG - discover your knowledge
:::::::::::::::::::::::::::
Detmolder Str. 25-33 :: D-33604 Bielefeld
fon +49.521.96878-0 :: fax  +49.521.96878-20
http://www.ammma.de
::::::::::::::::::::::::::::::::::::::::::::::

Previous message: [imp] admins and horde
Next message: [imp] admins and horde
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]