* Hilko Bengen: > Do you have any idea how the $key parameter to sess_destroy > (includes/session.inc) is generated?
It seems as if drupal uses the value generated by PHP, which would mean that it's not exploitable for SQL injection, but I'm not sure. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]