FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Sanitizing user input
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Sanitizing user input [message #169884 is a reply to message #169878] Wed, 29 September 2010 10:57 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 9/29/2010 4:01 AM, Web Dreamer wrote:
> Jerry Stuckle a écrit ce mercredi 29 septembre 2010 00:35 dans
> <i7trad$pm8$2(at)news(dot)eternal-september(dot)org> :
>
>> On 9/28/2010 12:24 PM, Michael Fesser wrote:
>>> Depends on whether several applications should be allowed to access and
>>> use the same session data or not. Usually I want my apps separated, even
>>> if they use the same code. So each one would get its own session name if
>>> necessary.
>
> Exactly, that's why each app should always have it's own session name and
> not use the default.
>
>> And how often do you have customers who want completely separate
>> applications on a site? I've never seen one who didn't want the new
>> code integrated into their existing site.
>
> We are talking about "web applications", not "web sites".
> Small companies can not afford more servers than employees to host web apps
> (not web sites) useful for their employees.
> See my other reply in this thread.
>

That is true. And even small companies want their site to provide one
consistent interface. What you have is a bunch of different
applications thrown together with no consistency between them. No
business which knows anything about the internet would want such on
their site. And only a code hacker would build such a site.

> Once you choose a session.name, you keep the same for the whole web app of
> course (otherwise everything would brake).
> What I mean is that for a "new app" you need a "new session.name" and you
> will keep this same session.name for the whole application of course.
>
> If you do not think of choosing a session.name for an application when you
> create it, and that you are asked to install this application on a server
> which already runs other applications (not sites), you risk clashes if they
> all use the same session.name.
>

And you still run that same risk because some other application may have
chosen the same name. If you must separate your information, you should
use some prefix for your session array keys.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: how to write a wsdl for php webservice?
Next Topic: ANNOUNCE - NHI1 / PLMK / libmsgque - Work-Package-II
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 11:15:20 GMT 2024

Total time taken to generate the page: 0.04434 seconds