Date: 10/10/00
- Next message: Matt Williams: "[phplib] default auth"
- Previous message: Marko Kaening: "[phplib] Problems with examples and cvs commits..."
- In reply to: jalerta <email protected>: "Re: [phplib] Newbie - Is it necessary to pass Session ID in URL?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In netuse.lists.phplib you write:

>Now the question is: Should every link on the site pass the session
>id as part of the URL or just those pages that directly relate to the
>shopping cart?

Each and every link, else you will lose the session as soon as
the user touches any non-rigged link.

Session ids in any part of the URL are not recommended as they
leak into proxy server logs and via referer to outside
locations. This is very dangerous - all large webmail providers
have been hacked this summer using leaking session ids. If
possible, transport session ids via cookies. Encourage your
users to enable cookies and use cookie based sessions - your
users lower their security by disabling cookies.

Kristian
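
Added example, not part of the original message or of phplib: a small audit that reads web or proxy access logs in Combined Log Format and reports every line where a session id appears in the request URL or in the Referer field, the two leak paths named above. The parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed session parameter names; replace with the ones your session layer uses.
SESSION_PARAMS = {"phpsessid", "sid", "sessionid", "session_id"}

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S+)[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines (documentation addresses, made-up session id).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2000:13:55:36 +0200] '
    '"GET /cart.php3?item=4&sid=CONSTRUCTED0001 HTTP/1.0" 200 2326 "-" "Mozilla/4.7"',
    '192.0.2.10 - - [10/Oct/2000:13:55:40 +0200] "GET /logo.gif HTTP/1.0" 200 512 '
    '"http://shop.example/cart.php3?item=4&sid=CONSTRUCTED0001" "Mozilla/4.7"',
    '192.0.2.11 - - [10/Oct/2000:13:56:01 +0200] '
    '"GET /index.php3 HTTP/1.0" 200 1200 "-" "Mozilla/4.7"',
]

def session_params(url):
    """Return names of session-id parameters carried anywhere in the URL."""
    parts = urlsplit(url)
    names = [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)]
    # ';name=value' path parameters stay inside parts.path with urlsplit.
    names += [seg.split("=", 1)[0] for seg in parts.path.split(";")[1:]]
    return [n for n in names if n.lower() in SESSION_PARAMS]

def audit(lines):
    """Return (line_no, field, param_name) for every session id seen in a log."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        for field in ("target", "referer"):
            for name in session_params(m.group(field)):
                # Record the parameter name only, so the report
                # does not become another copy of the session id.
                findings.append((no, field, name))
    return findings

if __name__ == "__main__":
    for no, field, name in audit(SAMPLE_LOG):
        print(f"line {no}: session id '{name}' exposed in {field}")
```

With cookie-based sessions the same audit returns no findings, because the id never enters the URL.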

