Topic: Cant add sessions to punbb :(

I'm trying out a new hack by putting in a token for registered users on the register form as a PHP Security guru suggests

http://shiflett.org/articles/foiling-cross-site-attacks

Unfortunately it seems the way punbb works it wont allow session, i think some stuff is coming in before the session starts even though I put in my session code at the top of register.php

Re: Cant add sessions to punbb :(

I'm confused, what are you trying to add?

Re: Cant add sessions to punbb :(

a token that is in the form and must match whats in the session, also I'm gonna set a 15min timeout, I know my code works as I've used it in a email form I have, but I'm trying to hack it into punbb registration

Re: Cant add sessions to punbb :(

What would the point of it be though? I think most bots process forms like a human would, which means the hidden field would be sent. I also would think that cookies (especially session cookies) are handled properly, since they're used so often for anti-spam measures

Re: Cant add sessions to punbb :(

ok good point, I guess I was thinking the cross-domain stuff might help with spam, doh