Hiding Session Id

**something else** · 26.07.09, 16:36

thats shadows site http://bestklub.com

**shad0w** · 26.07.09, 21:01

Not everyone can do what something else did... Anyway I have parsword protect owner tools and I download backup of my database every day...

**shad0w** · 26.07.09, 21:04

Originally posted by mobileGIGS View Post

I dnt think u undastand wot we're saying. Okay to illustrate, use mobile.aolsearch.com to log into a site dat uses dat method of ip/brwsr session validation, tel me if u get past login page or 2pages afta login. You'd get logged out. Why? They change their ip randomly. So does other network providers. They dnt usually use static ips. Therefore it may work 4 u cuz ur network uses static ip bt i can assure ur stubborn ass dat u'l get ppl leaving ur site so fast cuz they r gettn logged owt. But hey u can put ur ads in ur "your session has expired" page so ur visitors can c it often ROFL.

In Romania 95% of wap users use Orange Romania. The IP changes only if you disconnect from wap. Vodafone users are disconnected sometimes, but that does not hapen too often... So... In Romania that is a good solution :P

**shad0w** · 26.07.09, 21:41

I will change all the pages... Is boooring, but is safer... // If i disconnect frow and i go back to the site with last url option (on nokia) , i am still logged in ??? When will I be logged out automatic? Nothing will be added to addonline function???

**CreativityKills** · 27.07.09, 10:07

is dat a question? Anyway im nt beggin u to remove ur ip/brwser ****, im just asking u think out of the box. Wit additional code, u can stil validate a valid user even if ip changed. Its all in ur ability 2 think hard.

**shad0w** · 27.07.09, 11:30

If i disconnect from wap and i go back to the site with last url option (on nokia) , i am still logged in ??? When will I be logged out automatic? Nothing will be added to addonline function???

**something else** · 27.07.09, 18:17

using sessions u will be automatically logged out if you disconnect

**shad0w** · 28.07.09, 07:30

Originally posted by mobileGIGS View Post

is dat a question? Anyway im nt beggin u to remove ur ip/brwser ****, im just asking u think out of the box. Wit additional code, u can stil validate a valid user even if ip changed. Its all in ur ability 2 think hard.

And how can I do that ?? Can you tell me ??

**CreativityKills** · 28.07.09, 08:52

I'l give u a simple algorithm:

in core.php, add 2 d beginn,
session_start();

in login.php, after validatn a username n pwd, add
$_SESSION['incase'] = md5(uniqueid(rand(),true));
create a column in ibwf ses and when INSERTING d $sid and $ubr into ibwf ses, also associate $_SESSION['incase'] to d $sid e.g
INSERT INTO ibwf_ses SET id=$sid, newColumn=$_SESSION['incase'], uid=$uid. . .
Then, in islogged function, add sumtin like
IF getip() != $storedip {
IF !empty($_SESSION['incase']) {
$brw = explode("/",$_SERVER['HTTP_USER_AGENT']);
IF $_SESSION['incase'] == $storedNewColumnSession && $brw[0] == $storedBrowser {
return true;
}
}
return false;
}

LIKE I SAID ITS AN ALGORITHM, USE UR HEAD TO CODE.

**CreativityKills** · 28.07.09, 09:02

im 4 hire, if u want anyway, im cheap too. Custom script. Additional cash 4 a web version wit AJAX.

**shad0w** · 28.07.09, 14:55

If I use your algorithm I still have to modify &amplsid=$sid in every page ??

PHP Code:


// I want to use

$sid = md5("Shad0w");

**CreativityKills** · 28.07.09, 20:14

No u dont have to. Basically d script sets a session after logn on d brwser n stores same in db, IF ip check breaks, it checks if d session was set on d brwser, if it matches d database session and if it was actually d same brwser dat set d session thats requesting it...if all those r tru, then it is a valid user. Else break. If i wasnt on mobile i'd code it 4 u.

**kiLLeR-eyEd_14** · 28.07.09, 21:26

Originally posted by mobileGIGS View Post

I'l give u a simple algorithm:

in core.php, add 2 d beginn,
session_start();

in login.php, after validatn a username n pwd, add
$_SESSION['incase'] = md5(uniqueid(rand(),true));
create a column in ibwf ses and when INSERTING d $sid and $ubr into ibwf ses, also associate $_SESSION['incase'] to d $sid e.g
INSERT INTO ibwf_ses SET id=$sid, newColumn=$_SESSION['incase'], uid=$uid. . .
Then, in islogged function, add sumtin like
IF getip() != $storedip {
IF !empty($_SESSION['incase']) {
$brw = explode("/",$_SERVER['HTTP_USER_AGENT']);
IF $_SESSION['incase'] == $storedNewColumnSession && $brw[0] == $storedBrowser {
return true;
}
}
return false;
}

LIKE I SAID ITS AN ALGORITHM, USE UR HEAD TO CODE.

yeh.,he's right..you can do this when someone changes his ip everytime his browser disconnects and connect again..

**shad0w** · 28.07.09, 22:27

I understand mostly of the script... But in logout page i have to put sessiondistroy() ??
And ALL mobile browsers support that?? And if someone disconnects and use last url option is he logged out??

**something else** · 30.07.09, 00:18

Originally posted by mobileGIGS View Post

I'l give u a simple algorithm:

in core.php, add 2 d beginn,
session_start();

in login.php, after validatn a username n pwd, add
$_SESSION['incase'] = md5(uniqueid(rand(),true));
create a column in ibwf ses and when INSERTING d $sid and $ubr into ibwf ses, also associate $_SESSION['incase'] to d $sid e.g
INSERT INTO ibwf_ses SET id=$sid, newColumn=$_SESSION['incase'], uid=$uid. . .
Then, in islogged function, add sumtin like
IF getip() != $storedip {
IF !empty($_SESSION['incase']) {
$brw = explode("/",$_SERVER['HTTP_USER_AGENT']);
IF $_SESSION['incase'] == $storedNewColumnSession && $brw[0] == $storedBrowser {
return true;
}
}
return false;
}

LIKE I SAID ITS AN ALGORITHM, USE UR HEAD TO CODE.

a lot of people have problems with storing against ip and browser information due to not being collected by server every time ..... so people having to code it for if (getip() != $storedip|| getip() != ""){
but then your leaving a hole for ghost surfer etc: :P

Hiding Session Id

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment