If one does not know where the session data is, one cannot inject code to expose it.
Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com Robert Cummings wrote: > On Tue, 2008-09-02 at 14:45 -0500, Micah Gersten wrote: > >> Take a look at this: >> http://us2.php.net/manual/en/function.session-save-path.php >> > > This won't help since the OP mentioned he was worried about code > injection exposing the contents of $_SESSION. > > Cheers, > Rob. > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
