Hi, On Thu, 10 Jan 2002 12:38:09 -0500 "Ryan M Harris" <rmharrisat_private> wrote: > sessionid = md5( <REMOTE_IP> + REMOTE_USER_AGENT> + rand() (5 bytes from > here) + microtime() ) the remote ip is not good in here, since a proxy can provide serveral useres via one ip address. md5(microtime()+'secret_phrase'); is safe enough. the 'secret_phrase' should be differ on every installation of the software. Jan -- Q: Thank Jan? A: http://geschenke.an.dasmoped.net/
This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:20:53 PST