Hi there,
I rewrote my session management but I am encountering a problem when I clear my browser's cache and cookies.
I can prompt the user to log in again, but I realised that my session files are not being deleted. So if I set the cookie (trying to test session hijacking) to grab the old session ID, then it will be available and I can act as him.
I do add a session value which holds the time to expire, though. But if ever someone gets hold of it before the time, then I am screwed :fight: lol.
Does somebody know how to get the old session ID without checking the cookie?
Thanks a lot,
Regards
Jerome