Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4

Thread: security issue

  1. #1
    Regular Coder saeed's Avatar
    Join Date
    Oct 2002
    Location
    West Yorkshire
    Posts
    343
    Thanks
    32
    Thanked 0 Times in 0 Posts

    security issue

    Everybody have seen orkut.com

    now this is some kind of a general question and I believe am posting in right thread.
    Kindly have a look below:
    sample links

    http://www.orkut.com/Album.aspx?uid=(numbers here)
    http://www.orkut.com/Profile.aspx?uid=(numbers here)

    now if someone just copy paste this link to address bar it won't be getting through directly ... Its going to prompt for User Login page.

    Does anyone knows whats the trick behind it. I've password protected folder option provided by my web host but its not that good.

    any help regard this will be appreciated.


    many thanks,

    Saeed.
    Don't click on this!

    #!/usr/bin/saeed

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,456
    Thanks
    8
    Thanked 1,084 Times in 1,075 Posts
    It looks like it might be ASP ... not PHP ...

    but the same idea that PHP uses .... sessions.

    When logged-in, a session is started and retains the user ID.
    Each page viewed checks for a valid session before displaying it.
    If no session is active, it loads the log-in page.

  • #3
    Regular Coder saeed's Avatar
    Join Date
    Oct 2002
    Location
    West Yorkshire
    Posts
    343
    Thanks
    32
    Thanked 0 Times in 0 Posts
    thanks for your reply mate..

    is there any cookie thing involved ? I am sure there must be another way to protect members' profile.

    I can create normal password protected page but that isn't enough (i guess)

    I need something really good like orkut... u've seen members name are protected by series of numbers and in all situations ... user have to logged in before accessing someones profile or to do any activity there.


    (btw I was unable to find New thanks button with your reply)


    Saeed.
    Don't click on this!

    #!/usr/bin/saeed

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,456
    Thanks
    8
    Thanked 1,084 Times in 1,075 Posts
    Sessions are like cookies except the variables are stored
    on the server, not on the user's PC (like cookies are).


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •