php-general | 2001032

Re: [PHP] sessions and cookies From: \[Inf\] F!RE-WALL (claninfinity <email protected>)
Date: 03/31/01

I don't recommend putting the Session ID in the URL. Subscibed members could
pass URL's to eachother and that way they could have eachother's settings.

""David Hynes"" <david <email protected>> wrote in message
news:NEBBKPMCELLJJBPCHMGPCEIECBAA.david <email protected>
> I am using sessions to password protect a section of a website.
>
> I am storing the session ID in a cookie but just in case cookies are not
> enabled, I am also passing the session ID in the query string to each page
> in the protected directory.
>
> Please can someone tell me if this could cause any problems, especially if
> the user if tries to access a URL from their history bar in the browser
with
> an old session ID.
>
> i think what I'm trying to ask is , if the script receives a session ID
from
> a query string and cookie, which does it use ?
>
> Thanks,
> David.
>
> -----------------------
> Fed202 Solutions
> www.fed202solutions.com
> Mobile : 07779 293368
> -----------------------
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-general-unsubscribe <email protected>
> For additional commands, e-mail: php-general-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe <email protected>
For additional commands, e-mail: php-general-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>