Bill Rausch pressed the little lettered thingies in this order...
> Rasmus, et al.,
>
> OK, I'm still confused. What does SSL have to do with any of this?
>
SSL makes it impossible (well, improbable anyway) to sniff the session
ID from the network. Without SSL, anyone on the network between the
origin (client) and the destination (server) can get the session ID in plain
text by installing a packet sniffer on the network.

If you're relying on the URL to send session IDs, you'll never conquer
the "person looking over the shoulder" problem (assuming that you
believe that it's reasonable that someone can look over another's
shoulder and write down a 20-character string without the first person
noticing).

Christopher Ostmo
a.k.a. [EMAIL PROTECTED]
AppIdeas.com
Meeting cutting edge dynamic
web site needs
For a good time,
http://www.AppIdeas.com/
--
PHP General Mailing List (http://www.php.net/)
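
An added example, not part of the original message or of any poster's code: one way to apply both points in PHP, by keeping the session ID out of URLs and sending the session cookie only over SSL/TLS. The function names and `CANONICAL_HOST` are assumptions for illustration; the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example: session ID travels only in a cookie, and only over HTTPS.
// CANONICAL_HOST is a constructed placeholder; set it to the site's real host.
const CANONICAL_HOST = 'www.example.com';

function request_is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

function start_protected_session(array $server): void
{
    if (!request_is_https($server)) {
        // No session is created or resumed on plaintext HTTP, so there is
        // no session ID on the wire for a packet sniffer to read.
        $path = $server['REQUEST_URI'] ?? '/';
        header('Location: https://' . CANONICAL_HOST . $path, true, 301);
        exit;
    }

    // Keep the ID out of the URL (address bar, history, Referer, server logs).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session IDs that this server did not issue.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // browser sends it only over HTTPS
        'httponly' => true,    // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

function mark_logged_in(string $userId): void
{
    // Issue a fresh ID at login so an ID seen before authentication
    // is not the one that carries the authenticated state.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

start_protected_session($_SERVER);
```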