[Lavalair] [sid protection] Other people cannot log in with the current user sid


    #16
    Originally posted by something else
    WRONG - mobile networks can connect to the same server from hundreds of miles away.
    Definitely the ISP won't do a long loop connection. I don't want to explain too much... learn Cisco.

    http://wapx.amob.com
    Applications, Games, Wallpapers, Ringtones, Videos, Themes, Screensaver and More!!!



      #17
      OK, so you want to run a Lavalair script and also want it to be session safe... Hmm?

      - Make URL bbcodes and image bbcodes private or delete them entirely.
      - If you want bbcodes to be used by users, pass your images through phpThumb.

      BEST PRACTICE (for Lavalair)
      - USE COOKIES, i.e. the PHP SESSION ID
      - Don't allow custom browsers like ones made through Firefox add-ons such as User Agent Switcher
      - Validate one session per IP, per browser and per ID
      - Use the above two methods also



        #18
        Originally posted by giant_hacker
        OK, so you want to run a Lavalair script and also want it to be session safe... Hmm?

        - Make URL bbcodes and image bbcodes private or delete them entirely.
        - If you want bbcodes to be used by users, pass your images through phpThumb.

        BEST PRACTICE (for Lavalair)
        - USE COOKIES, i.e. the PHP SESSION ID
        - Don't allow custom browsers like ones made through Firefox add-ons such as User Agent Switcher
        - Validate one session per IP, per browser and per ID
        - Use the above two methods also
        For the summary: you should secure your site from XSS attacks to prevent stealing of sessions =)
        But I don't recommend deleting your bbcodes; it is the worst thing you can do if you don't know how to secure a site. Basically, you may restrict the users from using links with JavaScript.

        e.g.:

        in HTML:
        Code:
        <a href="javascript:history.back()">hello java</a>
        in bbcode:
        Code:
        [link=javascript:history.back()]hello java[/link]

        This is just an example: a user functionality that you should not allow =)

        If the user can post HTML code directly anywhere in your site without using bbcode, then definitely your site is vulnerable to XSS =)

        The htmlspecialchars() function in PHP can help =)

        Everything is just a hint on how to secure and fix your site.
        Last edited by wapxtech; 24.06.14, 06:29.

        http://wapx.amob.com
        Applications, Games, Wallpapers, Ringtones, Videos, Themes, Screensaver and More!!!



          #19
          <html>
          the user's cookie is checked here - is it OK? no: stop here - yes: carry on...
          <body>

          some text here

          some hacker steals the cookie/session id here with a bbcode

          more text

          </body>
          end of page here, so let's change the cookie and update it in the database (renders the stolen cookie useless)
          </html>
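The link restriction from #18 and the end-of-page cookie rotation from #19, as an added PHP example that is not from the Lavalair script or from any poster; the `[link=URL]text[/link]` syntax, the http/https-only policy and the function names are assumptions:

```php
<?php
// Added example, not code from the Lavalair script or from any poster.
// Assumed bbcode syntax: [link=URL]text[/link]; only http/https links are
// allowed, and the rendered output is placed directly into an HTML page.
// True only for absolute http:// or https:// URLs that name a host.
function is_safe_link_url(string $url): bool
{
    $parts = parse_url(trim($url));
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false; // relative, malformed, or "javascript:..." (no host)
    }
    // Allowlist the parsed scheme instead of searching for "javascript:",
    // so case variants and other schemes (data:, vbscript:) fail as well.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}
// Escape everything first (the htmlspecialchars() hint from #18), then
// turn only allowlisted [link=...] tags into anchors. A rejected tag is
// left visible as escaped text rather than becoming a clickable link.
function render_bbcode(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '/\[link=([^\]\s]+)\]([^\[]*)\[\/link\]/i',
        function (array $m): string {
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!is_safe_link_url($url)) {
                return $m[0];
            }
            return '<a href="' . $m[1] . '">' . $m[2] . '</a>';
        },
        $safe
    );
}
// The idea in #19: hand the browser a fresh session id once the page is
// built, so an id stolen mid-page is no longer valid when it is replayed.
function rotate_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // true = delete the old session data
    }
}
// Constructed sample posts showing the three outcomes.
foreach ([
    '[link=http://wapx.amob.com]wapx[/link]',            // rendered as a link
    '[link=JavaScript:history.back()]hello java[/link]', // stays plain text
    '<script>alert(1)</script>',                         // escaped, inert
] as $post) {
    echo render_bbcode($post), PHP_EOL;
}
```

Rotating the id on every request can break a browser's parallel requests (images, frames) that still carry the old id, so regenerating on login and on privilege change is the usual compromise.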



            #20
            Sir, I have a solution. You can PM me if you want. I can't share it here because I am a very noob and a learner. I am afraid that all the sirs will laugh when they see my simple code. Thanks, sir.
