[Snort-users] ACID cookies?

roman at ...438... roman at ...438...
Wed Mar 28 11:36:07 EST 2001


Actually, the use of cookies is a "feature".  Starting with 0.9.6b7,
much of ACID has been ported to use PHP sessions.  This 
functionality was included in order to clean-up how much of the
shared state is currently passed around (i.e. hidden variables
just got too messy and insecure).  Using sessions is just one of
several changes to make more ACID secure, but is also a prerequisite
for more complicated operations currently in the works.  In short, 
turning off cookies will break ACID.  However, it is possible to use PHP
sessions without cookies by appending sessions IDs to the URL;
but for now I have been concentrating on getting everything 
working with cookie-based sessions.

Does anyone have serious concerns about the use of cookies?  On
a similar note, I would like to introduce more Javascript?  Any 
issues from the community?

comments?
Roman

> First, great work on ACID.  
 >
> Second.  I just installed from CVS version .96b8 and put it in place.  One of
> the people I work for wants me to turn off cookies in ACID.  I was trying to
> look through the php to see if/where it sets the cookie at.  Any ideas or
> should I just tell him to disable cookies in netscape?
>
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 



---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/






More information about the Snort-users mailing list